christopher heiser <christopher AT heiser DOT net>
Date Published: November 21st, 2002
home
archive
rss feed
heiserlink

nürburgring
for dummies
about me
public key

Why UNIX Sucks (or, Why Security Fixes Can Kill)

So I hadn't gotten around to patching one of my OpenBSD boxes for the latest hole in the DNS server named until tonight. I grab the patch, fetch the source, patch, compile and install. While CVS is a little brain damaged, I finally manage to get the package built. Unfortunately, the service won't start. To make a long story short, I realized about an hour later that I don't use named (the default install with OpenBSD) but instead I use BIND 9. This is a somewhat subtle difference, as both of the programs are invoked by running named in /etc/rc.local. If I were a full-time admin I would have caught this before I screwed up, but that's the point, right? There aren't two versions of IIS on my Windows box that happen to have the same name. I mean, when you have to fish thought /var/log/messages to determine which version of the software you're running, it's just too easy to make stupid mistakes like this one. Interestingly, when I re-installed BIND, the package installed the executable in a different directory (/usr/local/sbin, not /usr/sbin) than before. Weird. Well, at least the damn thing is working again. Serves me right for trying to keep my machine up to date.

I am sure more serious UNIX folk will laugh this one off as Yet Another Lame UNIX Poser move, but I submit that it's still a stupid system. Name the damn binaries something different, if only for the sake of style. I put comments in my rc.local to remind me the next time.

After 108 days of uptime, maybe the ol' girl needed a good bounce. Everything seems to run a bit faster now...

by Christopher Heiser on November 21 02:05
© Copyright 1992-2020, Christopher Heiser. All rights reserved. Powered by Chlogger!