2007-08-04

ah to be a bit smarter...

I am a Bear of Very Little Brain, and long words Bother Me

I run a server which serves, among other things, xyz.com. Unfortunately doing this makes me an early target for every attack possible. Fortunately I don't run Windows, so most attacks don't affect me. I do, however, have to worry about the few security issues that are found in FreeBSD. Until very recently I ran version 4.X.X, as that had been good enough for many years; why change? To keep things secure I've been manually adding patches where I felt they were needed. Recently I decided to upgrade to the latest version of php5; to do so I would have had to do one of two things: a) hack php to not require getopt_long(), or b) hack libc to include getopt_long(). Unfortunately I chose "b". I built libc, I linked it into a few programs that needed getopt_long, and invoked them. All was good in my world. What would you do next? Here's a hint,

    cp libc.so.4 /usr/lib

is the wrong answer if you want your system to keep running. Unfortunately it's what I did. There's no recovery from this, short of booting into single-user mode and restoring the file. Unfortunately, when you make use of a colo facility, single-user mode is a luxury you don't get because the console is far away. I'd been building up a replacement box running FreeBSD 7.0 anyhow, so I decided to accelerate the schedule on the new box so I could just schedule a quick run downtown and swap the two. I've always been an optimist; what was going to be a quick and easy swap required a dozen or so hours of clean-up. The bright side of things is that I can now do the standard FreeBSD cvsup, make world, make kernel, reboot and be immediately up-to-date.
