
Re: [cobalt-security] Security Hardening Update 2.0.1 - thoughts



On Fri, 2002-08-16 at 11:52, Michael Stauber wrote:

> > Well, theoretically it is not impossible to save all replaced files in a
> > safe place (== directory unique to this package), together with
> > checksums of _replacing_ files.  Then the uninstaller could restore the
> > files from backup, and do it only if they were not replaced by yet
>                                                        ~~~~~~~~~~~~~~~~~~~~~
> > another package in the meantime.
> 
> Exactly that's the point, Eugene. The thing is as follows:
> 
> The underlying OS on the Cobalts is an RPM based Linux distribution. You can 
> install and uninstall RPM packages at leisure - as often as you want. 
> 
> Ok, let's say we install the package Neomail-1.20-1.PKG which contains the RPM 
> file neomail-1.2.5-1.noarch.rpm. When you install a PKG file (which contains 
> one or more RPMs), then the RPMs are deleted after installation as they are 
> no longer needed. That's a standard procedure of the PKG installation process 
> designed by Cobalt.

Right, I see the point.
Then, I can suggest an intermediate solution, not too hard to implement,
that could save the a$s of a sysadmin who would desperately need to
"rollback" the recent update.  Let's call it "rollback advisor".

The package installer could create a list of RPMs that it is going to
replace, with exact versions, and save it in a file in a safe place,
together with a script that would undo any changes in the config files
(if necessary).  Then a desperate sysadmin would at least know exactly
which RPMs to download.  Could be a right thing to do at least in the
packages that do "heart surgery" on the system, like that one we are
discussing.

> FWIW: Windows 2000 Service Pack 3 can't be uninstalled either. ;o)

"Windows 2000 Service Pack"?  What's that?  Some fancy set of brushes
and cleaning liquid? ;-)

Eugene
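
The "rollback advisor" list described in the message above, as an added example that is not part of the original post or of Cobalt's PKG installer: it records which installed RPM versions a set of RPM files is about to replace. The function names and the manifest format are assumptions, and the config-file undo script mentioned in the post is not covered.

```shell
#!/bin/sh
# Rollback advisor sketch (added example; names and manifest format are assumptions).
# Run before the PKG installs its RPMs, while the old versions are still present.

# Print the name of the package contained in RPM file $1; fail if unreadable.
rpm_file_name() {
    rpm -qp --qf '%{NAME}\n' "$1" 2>/dev/null
}

# Print name-version-release.arch of every installed copy of package $1.
# rpm -q writes "package X is not installed" to stdout and exits non-zero,
# so the exit status, not the output, decides whether anything is installed.
installed_nvra() {
    out=$(rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' "$1" 2>/dev/null) || return 1
    printf '%s\n' "$out"
}

# write_rollback_manifest MANIFEST RPMFILE...
# One line per RPM file:
#   replaces <installed NVRA> with <new file>   exact old version to download again
#   new <name> from <new file>                  nothing installed, rollback = erase
#   unreadable <path>                           file could not be queried
write_rollback_manifest() {
    manifest=$1
    shift
    # Create the manifest readable by its owner only.
    ( umask 077; : > "$manifest" ) || return 1
    for f in "$@"; do
        name=$(rpm_file_name "$f") || { echo "unreadable $f" >> "$manifest"; continue; }
        if old=$(installed_nvra "$name"); then
            # Packages installed in several versions yield one line each.
            printf '%s\n' "$old" | while read -r nvra; do
                echo "replaces $nvra with $(basename "$f")"
            done >> "$manifest"
        else
            echo "new $name from $(basename "$f")" >> "$manifest"
        fi
    done
}
```
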