Veritas-bu

[Veritas-bu] OS upgrades (like FreeBSD 4.8) and patches: Big Problems With Veritas!!!!

2003-08-13 15:52:46
Subject: [Veritas-bu] OS upgrades (like FreeBSD 4.8) and patches: Big Problems With Veritas!!!!
From: gjohnson AT ADMWORLD DOT com (Johnson, Tony -Research)
Date: Wed, 13 Aug 2003 14:52:46 -0500
What kernel enhancements are you referring to? FreeBSD -Stable (4.8) has been 
out almost a year.  Because you can conceivably cvsup a BSD machine every 
night, which in essence upgrades it,  I'm not sure how much a commercial 
software vendor would want to get into that.

Tony

-----Original Message-----
From: Christopher Jay Manders [mailto:CJManders AT lbl DOT gov]
Sent: Wednesday, August 13, 2003 2:05 PM
To: veritas-bu AT mailman.eng.auburn DOT edu
Subject: [Veritas-bu] OS upgrades (like FreeBSD 4.8) and patches: Big
Problems With Veritas!!!!




Well, now we see it.

For those that have FreeBSD, the enhancements offered in the new kernel
(incorporated from OpenBSD) are seriously good for security. I assume I need
to wait 6 months before I get my new FP4 that will have that, if any, clients
for these folks.

We need an OPEN SOURCED bpcd and bpkeyfile at least....

Here is the error:

./bin/bpcd --help

/usr/libexec/ld-elf.so.1: /usr/lib/libkvm.so.2: Undefined symbol "__stderrp"




# ldd bpcd
bpcd:
        libkvm.so.2 => /usr/lib/libkvm.so.2 (0x280ad000)
        libc.so.3 => /usr/lib/compat/libc.so.3 (0x280b3000)


ARRRGH! Any solutions out there?


TIA!

Chris


PS - if the data needed to write something were in some white papers I'd offer
to contribute coding to make this happen.

My former rant is still in motion!


Christopher Jay Manders wrote:

> I already know that what I am about to ramble on about is not very
> likely, perhaps completely impossible. Still, it is worth reiterating
> every once in a while. Especially since by not providing quick updates
> to their client software they are telling us not to upgrade or patch
> some systems...
>
> There is a point that even if the client s/w (software) was completely
> available in source form (at least the UNIX one) to the public at large
> it would be completely useless without the server, which is _not_ free
> and you would need to be able to use the client s/w anyway. This point
> should be thought about. Then, why not make the client tools, utilities,
> daemons, etc (or at least some small fraction) o/s'ed (open-sourced).
> There are great reasons to do that, and bad reasons for not. If they
> o/s'ed some select pieces then the o/s community would probably do a lot
> of good to the code (cleanup, optimization and feature additions) that
> would allow Veritas to leverage free s/w development into their product.
> My experience is that pre-o/s'ed s/w is much dirtier and harder to
> maintain than o/s'ed s/w. Also, the number of bug fixes and features
> could be _very_ worthwhile.
>
> There are several changes I'd like to make to parts of the UNIX 'bp'
> menu, and bpcd, bpmount and bpbkar as well. Also, Veritas does not act
> very fast in regards to simple library changes in OS upgrades. It really
> is too bad that select parts of the client are not o/s'ed. Sure, I
> understand that veritas needs mo'ney. Yet, you really need the rest of
> the s/w to make it work anyway, so why not o/s parts of it that may need
> to be re-built frequently (like bp) when some linked libraries change
> from version to version (like glibc, or libncurses).
>
> For example of some feature additions, 'bp' needs a way to select a set
> of files and directories in one fell swoop. Or, the MacOSX 'bundle bit'
> is not taken into account when doing incrementals, thus catching
> thousands of extra files that actually should not be being backed up
> each day. That needs to be fixed. The include and exclude files need to
> be able to be used together more powerfully. If I exclude '/' and
> .snapshot and I include /remote_mount1 (which has a .snapshot), I want
> backups to not back up those files or junk directories. Perhaps use real
> REGEX. These are simple improvements that still have not been made,
> though comments and suggestions through other channels.
>
> The practical effect by not o/s'ing the client sides is to tell the
> marketplace that you need another backup software for 'new' (and
> possibly 'patched') systems and that Veritas NBU cannot be used,
> assuming that Veritas continues to be slow to get updated client s/w out
> to folks. This is not a good statement to make. When MacOS 10.1 became
> 10.2, suddenly folks could not use the 'bp' command. That Mac 10.2
> upgrade was only a minor change (and mostly for security patch
> reasons...like the openssh issue), yet requires a whole new NBU client?
> Linux 8 and 9 are only really slightly different, too, along the same
> lines. The point is that if Veritas cannot quickly get the client s/w
> out to folks when something changes, the situation becomes quite
> impossible for some group of people. I just cannot tell someone to NOT
> apply security patches to their system. I just _cannot_ do that, and no
> one should be forced to not update their systems with patches. Nor can I
> tell a developer that if he upgrades to RedHat 9 he will no longer be
> able to be backed up (or at least do restores with 'bp'). So, we still
> have other backup software for these systems that is not NBU. Is that
> not a tragic waste of money to need 2 s/w's to backup old and new clients?
>
> These opinions are solely mine. Flame if you will (though I can't
> understand why one would...). :-)
>
> Ciao!
>
> Chris
>
> >Incorrectly built binary which accesses errno, h_errno or _res directly.
> >Needs to be fixed.
> >
> >
> Example of a SECURITY improvement that needs quick attention in
> re-compiling the software!
>
> You know, there may be a few buffer overflows to certain commands. I
> have seen bpcd dump core once. I wonder if I can bust root with some
> clever buff overflow attack against some client commands. Hmmm. Might be
> FUN! I'll post more on that if I check into it.
>
> _______________________________________________
> Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
> http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
