In message <92172.970683298@winston.osd.bsdi.com> Jordan Hubbard writes:
: > I think that we can do a lot with cvsupd. I've used cvsupd to grab
: > binaries on an experimental basis and it seems to work great. I've
:
: Hmmm. Does cvsupd also move a target out of the way if it already
: exists and it's in the process of replacing it? What if the target is
: chflag'd but can be unprotected at the current security level?
:
: What I'm trying to say is that if you have "/sbin/init" and cvsupd is
: about to replace it, I would expect the steps to be something like
: this:
:
: Receive new init as /sbin/init.${pid} (or something)
: |
: |<--------------------------------------------+
: | Yes |Yes
: \/ No | No
: Mv /sbin/init.${pid} /sbin/init --> chflags noschg /sbin/init --> Fail
: |
: | Yes
: \/
: Done
:
: If cvsupd does that or can be gimmicked to do that (add
: --potentially-hose-me flag? ;) then I'd say it's a serious
: contender for being part of a binary update process.
I don't know. I seem to recall that jdp told me at the talk I gave
last year that it just wipes the flags completely and doesn't honor
them.
I think it deals well with this, but I've not tried to replace init on
a running system. Given that the Pluto upgrade went well, I'd expect
the answer is yes, it works.
Warner
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message