[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Security Hardening Update 2.0.1 - thoughts
- Subject: Re: [cobalt-security] Security Hardening Update 2.0.1 - thoughts
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: 16 Aug 2002 13:06:04 +0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Fri, 2002-08-16 at 11:52, Michael Stauber wrote:
> > Well, theoretically it is not impossible to save all replaced files in a
> > safe place (== directory unique to this package), together with
> > checksums of _replacing_ files. Then the uninstaller could restore the
> > files from backup, and do it only if they where not replaced by yet
> ~~~~~~~~~~~~~~~~~~~~~
> > another package in the meantime.
>
> Exactly that's the point, Eugene. The thing is as follows:
>
> The underlying OS on the Cobalt's is an RPM based Linux distribution. You can
> install and uninstall RPM packages at leizure - as often as you want.
>
> Ok, lets say we install the package Neomail-1.20-1.PKG which contains the RPM
> file neomail-1.2.5-1.noarch.rpm. When you install a PKG file (which contains
> one or more RPMs), then the RPMs are deleted after installation as they are
> no longer needed. That's a standard procedure of the PKG installation process
> designed by Cobalt.
Right, I see the point.
Then, I can suggest an intermediate solution, not too hard to implement,
that could save the a$s of a sysadmin who would desperately need to
"rollback" the recent update. Let's call it "rollback advisor".
The package installer could create a list of RPMs that it is going to
replace, with exact versions, and save it in a file in a safe place,
together with a script that would undo any changes in the config files
(if necessary). Then a desperate sysadmin would at least know which
exactly RPMs to download. Could be a right thing to do at least in the
packages that do "heart surgery" on the system, like that one we are
discussing.
> FWIW: Windows 2000 Service Pack 3 can't be uninstalled either. ;o)
"Windows 2000 Service Pack"? What's that? Some fancy set of brushes
and cleaning liquid? ;-)
Eugene