[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-misc
Subject: Re: Binary patches
From: Bob Beck <beck () bofh ! ucs ! ualberta ! ca>
Date: 1999-09-27 16:48:55
[Download RAW message or body]
>Hello,
>
>Sorry, if it is obvious, but anyway:
>
>Let's assume that I have production bastion host. So it shouldn't have
>nor source code neither any development tools (yeah, I'm paranoid ;)
IMO, this is not really productive. An intruder can always
bring their own tools. You shouldn't run anything extra on a bastion
host, but tools being there isn't a big deal - If an attacker gets on
it you're dead anyway. making it difficult to administer and apply
fixes too only hurts you, not a knowledgeable attacker.
>So, how should I upgrade system to current level, or just security patches?
>
Build the patches on another machine and bring them over. That's
what I'd do.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic