On Mon, May 15, 2006 at 09:23:18PM +0000, Steffen Wendzel wrote:
> hi,
>
> it would be damn cool if openbsd systems could apply security
> patches via cronjob at night.

It would also be a great way to create all sorts of horrible stuff.

Discounting patches that actually change program behaviour, you are
aware that neither DNS, HTTP nor FTP is secure, where the last two are
particularly insecure if the first is controlled? (I.e. ftp.openbsd.org
could point anywhere.) You do try to use FTP further down...

> I think about writing such an update tool but there is one
> big problem. Here are the steps I would use:
>
> * the host needs the source code in some dir (not
>   a real problem, because the user can tar -xzf the source
>   from the CD or FTP)
>
> * the tool has to find out about new patches (-> check ftp
>   patch directory for new entries)

There are some RSS feeds, too; VuXML, on Undeadly, holds vulnerability
information for (some) ports; etc.

> * the tool has to download the patch (no problem too using
>   cvs up -d).
>
> * the tool has to build and re-install the patch. this is
>   a problem because the commands needed to build a program
>   are different. e.g. some programs need a different
>   Makefile or additional 'make <xyz>' calls.
>
> * the kernel patch+rebuild is no problem. I would send
>   root a mail including the information that the new kernel
>   is installed but that a reboot is needed.
>
> Is there any way to get the needed commands to apply a patch?
> I know the needed commands are at the top of the patch files
> in the lines that start with a tab character but there are
> some lines including comments like 'And then rebuild your
> kernel.' that aren't very useful. It would be great if there
> was such a line:
>
> commands=cd /usr/src && patch -p0 < 015_tcp.patch && \
> cd $KERNELDIR && make clean depend && make && make install
>
> the last line could also be something like:
>
> REBUILD_KERNEL
>
> ($KERNELDIR could be an internal variable set in the config
> of the update tool)
>
> If the patches would be in that form, it would be much
> easier to create such an update tool.

This doesn't look like a particularly good idea to me, FWIW.

Joachim
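The two practical points in the exchange above are the tab-indented "apply by doing" lines at the top of an OpenBSD errata patch (which mix real commands with free-form remarks) and Joachim's objection that a patch fetched over DNS/HTTP/FTP cannot be trusted as delivered. The following Python is an added example, not code from either poster or from OpenBSD: it parses a constructed patch header into commands versus comment lines, and it checks a fetched patch body against a SHA-256 digest obtained separately from the download path. `SAMPLE_PATCH`, `COMMAND_WORDS` and every function name are assumptions for this illustration; the digest check only helps if the expected value really comes from a channel the attacker of the transport does not control.

```python
import hashlib
import hmac

# Constructed sample of an OpenBSD-style errata patch header (not a real
# patch). Real headers put the apply instructions on tab-indented lines,
# and some of those lines are prose rather than commands.
SAMPLE_PATCH = """\
Apply by doing:
\tcd /usr/src
\tpatch -p0 < 015_tcp.patch
\tAnd then rebuild your kernel.
\tcd /usr/src/sys/arch/i386/conf
\tconfig GENERIC
\tcd ../compile/GENERIC
\tmake clean depend && make && make install

Index: sys/netinet/tcp_input.c
===================================================================
--- sys/netinet/tcp_input.c
+++ sys/netinet/tcp_input.c
@@ -1,1 +1,1 @@
-old line
+new line
"""

# Assumed whitelist of first words that mark a line as a shell command.
COMMAND_WORDS = {"cd", "patch", "make", "config", "cp", "rm", "cvs", "sh"}


def extract_instructions(patch_text: str) -> list:
    """Return the tab-indented instruction lines from the patch header.

    Scanning stops at the first 'Index:' / 'diff' / '---' line, where the
    actual hunks begin, so indented diff content is never mistaken for an
    instruction.
    """
    instructions = []
    for line in patch_text.splitlines():
        if line.startswith(("Index:", "diff ", "--- ")):
            break
        if line.startswith("\t"):
            instructions.append(line[1:].rstrip())
    return instructions


def split_commands(instructions: list) -> tuple:
    """Separate lines that look like commands from free-form remarks.

    Heuristic: a line is a command only if its first word is in
    COMMAND_WORDS; everything else ("And then rebuild your kernel.") is
    returned as a comment for a human to read, never executed.
    """
    commands, comments = [], []
    for line in instructions:
        words = line.split()
        first = words[0] if words else ""
        (commands if first in COMMAND_WORDS else comments).append(line)
    return commands, comments


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a patch body."""
    return hashlib.sha256(data).hexdigest()


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """True if the fetched bytes match a digest obtained out of band.

    compare_digest avoids timing differences between near-miss values;
    the digest itself must come from a trusted channel, not the same
    FTP/HTTP mirror that served the patch.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


if __name__ == "__main__":
    cmds, notes = split_commands(extract_instructions(SAMPLE_PATCH))
    print("commands:", cmds)
    print("comments (not executed):", notes)
    body = SAMPLE_PATCH.encode()
    print("digest ok:", verify_sha256(body, sha256_hex(body)))
```

Running the script lists six command lines and one comment line from the sample header, then reports the digest check. An automated applier built this way would only run the command lines, surface the comment lines to root by mail, and refuse the patch outright when the digest does not match.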