Re: Hardening, (was Re: chroot useful?)

[Craig Brozefsky <craig () onshore com>]

On Sun, 23 Nov 1997, Petri Virkkula wrote:

> > > > > > "Craig" == Craig Brozefsky <craig () onshore com> writes:
>
>       I think one should not need manual pages. IMHO it is bad thing
>       to make "small fixes" to online system in the production
>       environment. I have made and seen others make such fixes many
>       times, causing bigger bugs than those I was "fixing".

Sure, I agree, but it seems that reality seldom bends to my wishes, and 
therefor I often am making changes on production machines.  Client's 
don't wanna buy the test machine, some droid forgot to properly synch the 
test machine with the real machine, the client has an installation in 
place already and I have to manage it now.  Any one of a million reasons 
that I have to actually make a change on a production machine without 
being able to go back to the office and make it on the test machine, then 
run the test machines thru an equal amount of traffic, with the same 
patterns as the "real" machine etc... etc...  Sometimes that is not even 
possible.

Not having man pages is a rather ridiculous "precaution" if you can even 
call it that.

>       I think changing things should be done and tested in a test
>       environment where you can have for example another machine
>       with all manual pages you need.

I think the same thing too.

Craig Brozefsky              craig () onshore com
onShore Inc.                 http://www.onshore.com/~craig
Development Team             p_priority=PFUN+(p_work/4)+(2*p_cash)
I hear my inside, the mechanized hum of another world - Steely Dan