[Ti] Advice Re: Security Update/!st Time App Launch Issue

[Chris Olson]

On Sep 26, 2004, at 12:17 PM, Norman Cohen wrote:

> It sounds as though one has to either reboot or look through the bom 
> file that came with the updates to determine which components were 
> updated. If the daemon is handled through the new mechanism then the 
> sudo kill -HUP <daemon> approach needs to be done, as best I can tell. 
> Thanks for any additional info!

Pretty much spot on.  Keep in mind that I don't do updates just because 
they're there.  I first determine that it's really necessary for my 
installation, then determine what's going to be affected before I click 
"OK, let's do it".

There's occasionally blunders, like the last one with the disabled FTP 
daemon.  I actually got a laugh out of that one - Apple secured the 
daemon in a quite novel way - don't link the binary with libpam and 
make it so *nobody* can log on.  But before I installed that update I 
had backed up my old binary.  When lukemftpd got replaced with tnfptd, 
and I found out it didn't work, I made a decision: I use ftp at the 
command line to move stuff around so I needed it.  I can either:

1.) shut it off because it's not secure, and in the meantime switch to 
using rsync while I wait for Apple to fix their blunder

2.) evaluate whether or not my old binary is really going to expose my 
machine(s) to exploit, and if not, drop the old one back in.

I chose option 2 because I decided it wasn't a big deal.  Meanwhile, 
the update required a system reboot, but I never did reboot it.  I shut 
down my ftp daemon, dropped in the old binary, and restarted lukemftpd 
again.  All this was done on my PowerBook, so I knew well ahead of time 
what would happen on the production machines.  I just left them as is 
and waited for the second update, which I again verified on my 
PowerBook.  Once I found out that one was kosher I clicked "OK, let's 
go" on the production machines.
--
Chris