[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: comp34.tgz necessary on a firewall?

To: misc@openbsd.org
Subject: Re: comp34.tgz necessary on a firewall?
From: Lars Hansson <lars@unet.net.ph>
Date: Mon, 03 Nov 2003 11:21:38 +0800
References: <20031023001550.437ced80.cp@teamrci.net> <200311010220.14747.e.conti@gmx.net> <3FA3BC08.3090704@houston.rr.com> <200311011740.06980.e.conti@gmx.net>

On Sun, 2003-11-02 at 00:40, e.conti@gmx.net wrote:
> Therefore, it seems necessary to have a compilator installed on the system. 
> This is, in my opinion, a very bad idea for a firewall (even if it's a 
> bastion-type firewall).

In the grand scheme of things it really doesnt make that big a
difference. If someone has unauthorized access to your firewall the
availability of compiler tools are the least of your problems.

> Do I really need to install the comp34.tgz package on my firewall to keep it 
> up-to-date?

No, not if you have another machine to build the system and the ports
on.

>  Aren't patches available in a package/binary form?

No, but there might be updated packages available if the bug in question
was in a port.

> How do you guys cope with this problem? Do you apply patches on another 
> computer and transfer the binary files to the target computers later?

Either that or keep a compiler on the firewall.

-- 
Lars Hansson <lars@unet.net.ph>

References:
- Re: Where can I set environnement variables?
  - From: Rick Barter <rvb@houston.rr.com>
- comp34.tgz necessary on a firewall?
  - From: e.conti@gmx.net

Prev by Date: Re: (g)cc errors
Next by Date: Re: Installing midnight commander (mc) on 3.3
Prev by thread: Re: comp34.tgz necessary on a firewall?
Next by thread: ipsec tunnel mode help...
Index(es):
- Date
- Thread