
[Networker] The security "enhancements" - required action?

2005-08-17 10:34:47
Subject: [Networker] The security "enhancements" - required action?
From: Oscar Olsson <spam1 AT QBRANCH DOT SE>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Wed, 17 Aug 2005 14:58:52 +0200
I just read the following:

ftp://ftp.legato.com/pub/NetWorker/Private/CERT/7.1.3/README.TXT

Some things about it strike me as odd:

To install the software

1. Save a backup of the configuration files in the nsr/res directory.

2. Uninstall the current NetWorker packages. To uninstall the NetWorker
software, refer to the NetWorker installation guide appropriate for your
  operating system.

3. Install the security enhancement package. To install the package, refer to the NetWorker installation guide appropriate for your operating system.

Why do I have to uninstall anything?

4. In the nsrla resource of the nsrexecd service, disable the directed recover option. Set the attribute to YES; the default setting is NO. To update the
  Disable the Directed Recover attribute:
  a) Enter nsradmin -s <nw server> -p nsrexecd from the command line.
  b) Enter 'update disable directed recover:Yes' from nsradmin program
  c) Type 'y'  after 'Update?'

Why? If there is indeed a patch out for something, shouldn't that be taken care of automatically?

5. For each NetWorker server, storage node, and client, set the NSR_BLOCK_ADMIN
  environment variable to YES.

6. For each NetWorker server, set the NSR_REQUIRE_ROOT environment variable to YES.

Again, why? Especially, why do I have to do that on EVERY client, if I'm still supposed to patch things?

Without actually knowing exactly how this patch works, this seems like yet another sloppy patch release that is poorly implemented in terms of deployment ease. I wonder if it will break anything as well. ;)

//Oscar
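
One way to verify steps 5 and 6 of the quoted README on each host, as an added example that is not part of the original post or of Legato's package. It assumes each host's NetWorker environment is available as a file of `VAR=value` lines (the README does not say where the variables are set); the function names `required_vars`, `env_value` and `audit_host` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit NSR_BLOCK_ADMIN / NSR_REQUIRE_ROOT per README steps 5-6.
# Assumption: the environment file holds VAR=value lines, optionally prefixed
# with "export" and optionally double-quoted.

# required_vars ROLE: variables that must be YES for this role.
required_vars() {
    case "$1" in
        server)              echo "NSR_BLOCK_ADMIN NSR_REQUIRE_ROOT" ;;
        storage_node|client) echo "NSR_BLOCK_ADMIN" ;;
        *)                   return 2 ;;
    esac
}

# env_value FILE VAR: print the last uncommented assignment of VAR in FILE.
env_value() {
    awk -v var="$2" '
        { sub(/^[ \t]*(export[ \t]+)?/, "") }
        index($0, var "=") == 1 {
            val = substr($0, length(var) + 2)
            sub(/[ \t]*(#.*)?$/, "", val)   # drop trailing comment/blanks
            gsub(/"/, "", val)              # drop double quotes
            last = val
        }
        END { print last }' "$1"
}

# audit_host ROLE FILE: return 0 if compliant; else print offenders, return 1.
audit_host() {
    role=$1; file=$2; bad=""
    vars=$(required_vars "$role") || { echo "unknown role: $role" >&2; return 2; }
    for v in $vars; do
        # Strict match: only the literal YES given in the README counts.
        [ "$(env_value "$file" "$v")" = "YES" ] || bad="$bad $v"
    done
    [ -z "$bad" ] && return 0
    echo "${bad# }"
    return 1
}

# Constructed sample: a server whose NSR_REQUIRE_ROOT line is commented out.
demo_dir=$(mktemp -d)
printf '%s\n' 'export NSR_BLOCK_ADMIN=YES' '#NSR_REQUIRE_ROOT=YES' > "$demo_dir/server.env"
printf 'server: %s\n' "$(audit_host server "$demo_dir/server.env" || true)"
rm -rf "$demo_dir"
```

A commented-out or unset variable is reported the same way as one set to NO, so the output lists exactly what still has to be set on that host.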
