Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1999_1

Bugtraq archives for 1st quarter (Jan-Mar) 1999: Re: Keeping Solaris up-to-date

Re: Keeping Solaris up-to-date

Everett Lipman (lipmanHELIX.NIH.GOV)
Wed, 13 Jan 1999 13:01:53 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dylan Loomis: "NIS and NIS+ ephemeral ports"
Previous message: Wietse Venema: "Re: Tracing by uid u after root does setuid(u)"
Maybe in reply to: John RIddoch: "Keeping Solaris up-to-date"
Next in thread: Corey Lindsly: "Re: Keeping Solaris up-to-date"

> From: John RIddoch <jrSCMS.RGU.AC.UK>
> Subject:      Keeping Solaris up-to-date
>
> To carry on the thread of keeping Solaris patched, I wrote a script to
> automatically update a systems patches overnight via cron.
  [...]
> The script (and associated patches) should reside in an NFS-mounted directory
> so that they can be updated centrally (that was the reason for writing the
> script in the first place).
  [...]
> The script has no output unless an error occurs, so you don't get the entire
> patchadd output from 50 machines every time you add a patch.

Is it really a good idea to run a script as root via cron from an
NFS-mounted directory?  What if someone breaks root on one machine,
does a quick 'su' and replaces your NFS-mounted script?  Seems
they would own all 50 machines by morning.


Everett Lipman (lipmanhelix.nih.gov)

Next message: Dylan Loomis: "NIS and NIS+ ephemeral ports"
Previous message: Wietse Venema: "Re: Tracing by uid u after root does setuid(u)"
Maybe in reply to: John RIddoch: "Keeping Solaris up-to-date"
Next in thread: Corey Lindsly: "Re: Keeping Solaris up-to-date"