
Re: [cobalt-security] Security Hardening Update 2.0.1 MAJOR FLAW!!!!!! ACTION REQUIRED!



Hi Gerald,

> There are some pkgs that are irrevocable, there are some people
> on this list that also put out some irrevocable patches. "solarspeed" or
> something like that.

Quite true. For the same reason why SHP is uninstallable: 

Once SHP is installed it has replaced daemons like Apache, FTP, Sendmail,
IMAP, Qpopper, Telnet and the like. If people did really uninstall the
package with an uninstaller, then they'd end up without important daemons
like Apache, Qpopper, IMAP, Telnet and the like. The server would instantly
be unusable for whatever purpose.

So once daemons are replaced by a PKG, then it's best not to let the package
be uninstalled. Upgrading is always possible as RPMs can still be installed
even if an older version of the same software is already present.

Deinstalling or downgrading should not be left in the hands of an automated
(and unintelligent) mechanism like an uninstaller script, but in the hands
of a capable system administrator who knows what he (or she) is doing.

FWIW: There have been other Cobalt packages in the past which also were
lacking an uninstaller for the same reasons, so SHP isn't new in that
regard.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer