[9071] in bugtraq
Re: Keeping Solaris up-to-date
daemon@ATHENA.MIT.EDU (Corey Lindsly)
Fri Jan 15 12:26:03 1999
Date: Thu, 14 Jan 1999 21:52:13 -0800
Reply-To: Corey Lindsly <corey@PHIX.COM>
From: Corey Lindsly <corey@PHIX.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199901131801.NAA27335@helix.nih.gov> from "Everett Lipman" at
Jan 13, 99 01:01:53 pm
> Is it really a good idea to run a script as root via cron from an
> NFS-mounted directory? What if someone breaks root on one machine,
> does a quick 'su' and replaces your NFS-mounted script? Seems
> they would own all 50 machines by morning.
not only that, but some Solaris patches have been known
to break systems and render them strange or unbootable
(shocking, i know). the sensible approach, instead of
automatically and blindly installing patches, might be
to test each patch on one machine before applying it
to the other 49 machines, lest you end up with 50
broken machines in the morning.
perhaps some sysadmin functions are best left semi-automated.
---corey
