the combination of a few postings to bugtraq in the last two or three days triggered my sense of irony. i think there's a small lesson in there somewhere as well. earlier this week, as part of the "sun almost has a clue" thread, the following caught my eye -- casper dik replied to a posting with the comment: Since tehre's no such thing as Solaris 2.7, I'm surprised it works tehre. Did you perhaps try it on the beta? strictly speaking, of course, he's right -- some marketroids at sun chose not to call this release of solaris by its obvious name. there are, however, consequences to this. in particular, the operating system is still called SunOS 5.7 (at least, it is according to uname -a) even though the whole package isn't called "solaris 2.7". shortly after casper's post, bruce barnett started a small thread when he posted his "CheckPatches" utility -- a couple of scripts that examine the local system, ftp to sun, fetch the relevant patch report, and then produce a listing of existing security patches that are not installed on the local system. it seemed like a nice idea, so i decided to test it. my test machine is my desktop box, which is running (in deference to sun purists) 5.7. of course, it doesn't work. the sun patch reports are in files with filename SolarisXX.PatchReport where XX is the version of solaris. not surprisingly, bruce's script calculates XX by subtracting 3 from the output of uname -r. this works for all versions of solaris but _not_ solaris "2.7", since the patch reports are in Solaris7.PatchReport and so the script fails. this morning, my morning mail had a bugtraq posting from ronan waide containing a utility _he_ wrote which purports to do about the same thing. his version uses the XX_Recommended.README files and contains the following code: # Gah. SunOS $osver is 5.x instead of Solaris' 2.x. I guess subtract 3... $osver = $osver - 3 if ( $os eq 'SunOS' ); so it's entirely possible (i don't see a solaris 7 Recommended.README file so i can't be sure) that this will break as well. john riddoch mentioned sun's "patchdiag". i took a fast look at that and found that - it's not available in source - it's over a megabyte in size (even after throwing away the redundant copy of its own tar file that sun kindly includes in the kit) - it can produce misleading results: on my just-installed 5.7 system, it tells me: Patch Ins Lat Age Require Incomp Synopsis ID Rev Rev ID ID ------ --- --- --- --------- --------- ---------------------------------- All security patches installed! when there are at least two that are outstanding. i don't know that this is at all related to the "version number" issue, but it's not a particularly good sign. that's a lot of words for not much, but i think it's a small sort of cautionary tale: in less than two days, two security tools have been posted which require rewrites because of a marketing decision to change the relationship between the operating system version numbers and the label on the packaging. how many other things will break? wait and see, i guess. rick pim rickat_private information technology services (613) 533-2242 queen's university, kingston
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:04 PDT