Reasonable expectations of sysadmins (was Re: FreeBSD Security Advisory FreeBSD-SA-11:05.unix)

Remko Lodder remko at elvandar.org
Mon Oct 10 20:23:11 UTC 2011


On Oct 2, 2011, at 6:11 AM, Mike Brown wrote:

> Chris Rees wrote:
>> Generally users are expected to pay attention to what is updated-- I
>> know this isn't always the easiest task, but blindly following
>> instructions is not something that is generally advocated in FreeBSD.
> 
> Generally, yes. For a security advisory, though, I don't think it's 
> unreasonable for the reader to expect that the solutions and workarounds are 
> exactly as described, with nothing left out or assumed that every system 
> administrator will know. Likewise, the advisory issuer surely expects that the 
> instructions they provide *will* be very strictly followed.
> 
> Based on my own experience, I did happen to realize that a reboot would 
> probably be needed, but since one procedure in the advisory said to reboot and 
> the other didn't, it led me to wonder if maybe there was some magic in 
> freebsd-update that obviated the need for a reboot. Apparently there's not; it 
> was just an oversight in the instructions.
> 
> Also, sometimes things go haywire after a reboot, especially after extended 
> uptime and updates to the kernel or core libraries, so I'm in the habit of 
> only shutting down when necessary. So if I don't see "and then reboot" in an 
> update procedure - and most of the time, security updates don't require it - 
> then I don't do it.
> 


Hi Mike,

I do see the point you are mentioning and I will discuss this the next time we (Security Team)
are preparing an advisory.

Thanks
Remko

-- 
/"\   With kind regards,			| remko at elvandar.org
\ /   Remko Lodder			| remko at FreeBSD.org
X    FreeBSD					| http://www.evilcoder.org
/ \   The Power to Serve		| Quis custodiet ipsos custodes


