[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openbsd-misc
Subject:    Re: Binary patches
From:       Bob Beck <beck () bofh ! ucs ! ualberta ! ca>
Date:       1999-09-27 16:48:55
[Download RAW message or body]


>Hello,
>
>Sorry, if it is obvious, but anyway: 
>
>Let's assume that I have production bastion host. So it shouldn't have
>nor source code neither any development tools (yeah, I'm paranoid ;)

       IMO, this is not really productive. An intruder can always
bring their own tools. You shouldn't run anything extra on a bastion
host, but tools being there isn't a big deal - If an attacker gets on
it you're dead anyway. making it difficult to administer and apply
fixes too only hurts you, not a knowledgeable attacker.

>So, how should I upgrade system to current level, or just security patches?
>
	
	Build the patches on another machine and bring them over. That's
what I'd do.

[prev in list] [next in list] [prev in thread] [next in thread]