NetBSD Problem Report #43357

From dholland@eecs.harvard.edu  Tue May 25 23:02:49 2010
Return-Path: <dholland@eecs.harvard.edu>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 96CF263B873
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 25 May 2010 23:02:49 +0000 (UTC)
Message-Id: <20100525230143.4E8DFFADB@tanaqui.eecs.harvard.edu>
Date: Tue, 25 May 2010 19:01:43 -0400 (EDT)
From: dholland@eecs.harvard.edu
Reply-To: dholland@eecs.harvard.edu
To: gnats-bugs@gnats.NetBSD.org
Subject: initial security run output is too large
X-Send-Pr-Version: 3.95

>Number:         43357
>Category:       misc
>Synopsis:       initial security run output is too large
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    martin
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Tue May 25 23:05:00 +0000 2010
>Last-Modified:  Wed May 26 09:48:51 +0000 2010
>Originator:     David A. Holland
>Release:        NetBSD 5.1_RC2
>Organization:
>Environment:
System: NetBSD amberdon 5.1_RC2 NetBSD 5.1_RC2 (GENERIC) #0: Fri May 21 00:29:51 UTC 2010  builds@b7.netbsd.org:/home/builds/ab/netbsd-5-1-RC2/amd64/201005210534Z-obj/home/builds/ab/netbds-5-1-RC2/src/sys/arch/amd64/compile/GENERIC amd64
Architecture: amd64
Machine: x86_64
>Description:

The initial security run output after installing a new machine is some
32,000 lines. Nobody will ever page through this, so if bad stuff gets
in on the first day it will never be detected.

About 80% of this is the first diff, against /dev/null, of ~every file
in /etc; most of the rest is "Device additions" for every device in /dev.

>How-To-Repeat:

Install. Actually read root's mail.

>Fix:

sysinst should preload /var/backups; moreover, it should do it with
the original distribution versions of things, so the user's config
changes *are* reflected in the first nightly security mail and so the
distribution versions are available for reference. This would have a
number of additional benefits beyond reducing the mail size.

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: misc-bug-people->martin
Responsible-Changed-By: martin@NetBSD.org
Responsible-Changed-When: Wed, 26 May 2010 09:48:51 +0000
Responsible-Changed-Why:
good idea


>Unformatted:
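
Added example, not part of the original report and not NetBSD's /etc/security code: a shell demonstration of the proposal in the Fix section, comparing the size of a first report made against an empty baseline with one made against a preloaded copy of the distribution files. The function names (report, make_tree, demo), the file names and their contents are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: nothing here is taken from NetBSD's /etc/security script.

# report ETC_DIR BACKUP_DIR: print a unified diff of each file in ETC_DIR
# against its saved copy in BACKUP_DIR, or against /dev/null if none exists.
report() {
    etc=$1 backups=$2
    for f in "$etc"/*; do
        base=$backups/$(basename "$f")
        [ -f "$base" ] || base=/dev/null
        # diff exits 1 when the files differ; that is not an error here
        diff -u "$base" "$f" || :
    done
}

# make_tree DIR: create three constructed 40-line "distribution" files.
make_tree() {
    mkdir -p "$1"
    for name in passwd.conf rc.conf sshd.conf; do
        i=1
        while [ "$i" -le 40 ]; do
            echo "${name}_option_$i=default"
            i=$((i + 1))
        done > "$1/$name"
    done
}

# demo: print "<report lines, empty baseline> <report lines, preloaded baseline>"
demo() {
    tmp=$(mktemp -d) || return 1
    make_tree "$tmp/dist"                 # files as shipped
    cp -R "$tmp/dist" "$tmp/etc"          # the installed system
    echo "unexpected_option=1" >> "$tmp/etc/rc.conf"   # one day-one change
    mkdir "$tmp/empty"                    # baseline as it is after install today
    first=$(report "$tmp/etc" "$tmp/empty" | wc -l)
    preloaded=$(report "$tmp/etc" "$tmp/dist" | wc -l)
    rm -rf "$tmp"
    echo "$((first)) $((preloaded))"
}

demo
```

With the empty baseline the single added line is one "+" line among all the others; with the preloaded baseline it is the only change in the report.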
