[9058] in bugtraq
Re: Keeping Solaris up-to-date
daemon@ATHENA.MIT.EDU (Everett Lipman)
Fri Jan 15 00:37:53 1999
Date: Wed, 13 Jan 1999 13:01:53 -0500
Reply-To: Everett Lipman <lipman@HELIX.NIH.GOV>
From: Everett Lipman <lipman@HELIX.NIH.GOV>
To: BUGTRAQ@NETSPACE.ORG
> From: John Riddoch <jr@SCMS.RGU.AC.UK>
> Subject: Keeping Solaris up-to-date
>
> To carry on the thread of keeping Solaris patched, I wrote a script to
> automatically update a system's patches overnight via cron.
[...]
> The script (and associated patches) should reside in an NFS-mounted directory
> so that they can be updated centrally (that was the reason for writing the
> script in the first place).
[...]
> The script has no output unless an error occurs, so you don't get the entire
> patchadd output from 50 machines every time you add a patch.
Is it really a good idea to run a script as root via cron from an
NFS-mounted directory? What if someone breaks root on one machine,
does a quick 'su' and replaces your NFS-mounted script? Seems
they would own all 50 machines by morning.
Everett Lipman (lipman@helix.nih.gov)
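
An added example, not part of the original message or of the script it discusses: one way to limit the exposure raised above is to pin the script's digest on each machine's local disk and have root's cron job execute only a verified local copy. The function names, paths, and the use of `sha256sum` and `mktemp` are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical names): run an NFS-hosted patch script from
# root's cron only if it matches a digest pinned on the local disk.

# sha256_of FILE: print the hex SHA-256 digest of FILE (assumes sha256sum).
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# stage_verified SRC PINFILE LOCALDIR
# Copy SRC (on NFS) to a private local file, then check the COPY against the
# digest in PINFILE (local, root-owned). Hashing the copy instead of the NFS
# file means the bytes that were checked are the bytes that get executed.
# Prints the staged path on success; returns 1 and leaves nothing on failure.
stage_verified() {
    src=$1 pinfile=$2 localdir=$3
    staged=$(mktemp "$localdir/patchrun.XXXXXX") || return 1
    if ! cp "$src" "$staged"; then
        rm -f "$staged"
        return 1
    fi
    want=$(awk 'NR==1 {print $1}' "$pinfile" 2>/dev/null)
    got=$(sha256_of "$staged")
    if [ -z "$want" ] || [ "$got" != "$want" ]; then
        echo "digest mismatch for $src: got $got" >&2
        rm -f "$staged"
        return 1
    fi
    chmod 700 "$staged"
    echo "$staged"
}

# run_pinned SRC PINFILE LOCALDIR: execute the verified local copy only.
run_pinned() {
    staged=$(stage_verified "$1" "$2" "$3") || return 1
    sh "$staged"
    rc=$?
    rm -f "$staged"
    return $rc
}
```

The pinned digest has to reach each machine by a channel other than the shared NFS directory, otherwise whoever can replace the script can replace the pin as well.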