[1610] in Release_7.7_team
8.2.17 risk analysis
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Jan 26 18:51:11 1999
Date: Tue, 26 Jan 1999 18:51:03 -0500
From: Greg Hudson <ghudson@MIT.EDU>
To: release-team@MIT.EDU, jis@MIT.EDU
Per the release team meeting today, I have analyzed the risk of
running with 8.2.17 packs on a non-updated 8.2.15 system. The number
of dependencies between patches was quite low, but more patches than I
expected had both local and remote files. I uncovered a small number
of additional problems, found some programs I can't easily test, and
determined the rest of the inconsistencies to be nonproblematic or
obscure.
First, a list of the known problems. An administrator can run
/afs/dev.mit.edu/project/release/unscrew-8.2.17 as root (no reboot
necessary) to solve all of these without updating. (I've tested the
updated unscrew script, of course.)
* at, atrm, atq, and crontab do not work (crontab -l works,
but using it to update a crontab does not) unless the bsm
shared library is updated.
* ld and elfdump do not work unless a couple of library
symlinks are installed in /usr/lib the elf shared library is
updated.
Second, a list of the potential risks. These are programs which could
depend on updated local files but which I have no good way of testing.
* Some NIS programs (nismkdir, nistest, nis_cachemgr, nisinit,
nisbackup, nisrestore, and rpc.nisd) could fail to work.
* mailstats (a sendmail auxiliary program) could conceivably
not work if there were any changes to the sendmail
statistics file format.
* The native lp and lpstat programs could conceivably not
work. lpstat runs as far as printing no output. This
doesn't affect Athena printing or Athena print spoolers.
----- What follows is optional reading -----
Third, an inventory of all the patches which looked at all likely to
cause dependencies between remote and local files. This is included
so that people can, if they want, find out what I dumped into the
"obscure" or "non-problematic" category.
* 105181-11 (the kernel update patch) updates two remote files
which are not C header files:
/usr/kernel/drv/ksyms
/usr/lib/adb/thread
The first file implements the /dev/ksyms device which
provides the current set of kernel symbols. It has no
dependencies on local files that I can determine. The
second one would presumably be related to debugging threaded
programs under adb, which qualifies as obscure.
* 105393-07 (the at & cron utility patch) updates four remote
programs (at, atrm, atq, and crontab) and requires
105621-04, which updates the local file /kernel/sys/c2audit
and the local bsm shared library.
* 105393-03 (the sendmail patch) updates six remote programs
(aliasadm, mailcompat, mailstats, mconnect, and vacation) in
addition to the local sendmail binary. aliasadm is a
NISism; mailcompat looks obscure; mconnect and vacation
should not have any sendmail version dependencies.
* 105401-16 (the libnsl and NIS+ commands patch) updates
several NIS programs (nismkdir, nistest, nis_cachemgr,
nisinit, nisbackup, nisrestore, rpc.nisd) in addition to
the local nsl shared library.
* 105490-07 (the linker patch) updates several programs in
/usr/bin (ar, dump, elfdump, gprof, ld, mcs, nm, size, and
strip) and two programs in /usr/xpg4/bin (ar and nm) in
addition to local files /etc/lib/ld.so.1,
/etc/lib/libdl.so.1, and the local shared ld, dl, and elf
shared libraries. Testing yields:
- ar t, ar x, and ar cru seem to work.
- dump with a few options (-c, -l, -r) seems to work.
- elfdump does not work (can't open liblddbg).
- gprof appears to work.
- ld does not work.
- mcs appears to work.
- nm appears to work.
- size appears to work.
- strip appears to work.
* 105621-09 (the libbsm patch) updates the local bsm shared
library and some remote programs (allocate, audit,
auditconfig, auditd, auditreduce, deallocate, praudit). I
don't think any of this functionality is in use in our
environment.
* 105755-07 (the libresolv et al patch) updates the local
resolv shared library and two remote programs (nslookup and
nstest). Both programs appear to work fine (and Athena
provides its own nslookup sooner in the path anyway).
* 105800-05 (the admintool y2000 patch) updates the program
admintool and requires 106125-05, which updates the local
programs patchadd and patchrm. admintool is not very useful
on private Athena Sun machines, we have 106125-04, and
106125-05 appears to have been a small bugfix without new
features, so this shouldn't be a concern.
* 105802-07 (the OpenWindows ToolTalk patch) updates the local
tt shared library and two programs (rpc.ttdbserverd and
ttsession). I claim that tooltalk counts as obscure.
ttsession appears to run as far as complaining about another
session running; I don't know how to test it more than that.
* 106235-02 (the lp patch) updates the local print shared
library and a couple of local files under /usr/lib/print
(bsd-adaptor/bsd_lpsched.so.1 and in.lpd) as well as the two
remote programs lp and lpstat.
* 106650-03 (the mailtool attachment security patch) updates
/usr/openwin/bin/mailtool and requires 106648-01 and
106649-01, which update the local ce and desktop shared
libraries. mailtool (only useful for people with locally
spooled mail, of course) appears to start up and work okay.