Re: [cobalt-users] Re: security risk... is this normal?
- Subject: Re: [cobalt-users] Re: security risk... is this normal?
- From: Dmitry Alexeyev <dmi_a@xxxxxxxxxx>
- Date: Mon Mar 1 12:48:32 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
I already said on the mailing list - the PKG approach could be very harmful if you
use packages from different sources.
And uninstalling isn't as bad as installing... Because it doesn't INSTALL,
it does UPGRADE... and that makes sense.
With upgrade you first remove the old package, and then install the new
package.
All PKGs I've seen do it forcibly, ignoring dependencies.
It is really dangerous when something else depends on this package,
especially on the shared libraries it provides.
A "little" change in versions from x.so.0.0.1 to x.so.0.0.2 already breaks
things. If you break, say, the bzip2 libraries or libz this way, you may lock
yourself...
Dmitry
>
> Just thinking off the top of my head, but don't most (all?) of the
> uninstallers do a "self remove" of the .uninst and the .mdtlst files
> when they are done executing, on the assumption that the preceding
> steps went as planned?
>
> If so, I guess it would be possible to run the uninstall script, have
> the RPM removal fail, but the rm of the .uninst script work ok,
> leaving you with no uninstall script for the PKG. Not life
> threatening, but makes it difficult to remove a PKG for real...
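
Added example, not part of either message and not a real Cobalt PKG script: an uninstall routine that avoids both failure modes discussed above, by letting rpm enforce dependencies and by deleting the .uninst and .mdtlst files only after the RPM removal has succeeded. The function name `guarded_uninstall`, the `REMOVE_CMD` override and the directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sketch of a PKG uninstall routine (hypothetical, not Cobalt's code).
# REMOVE_CMD is an assumed override so the logic can be exercised without rpm;
# by default it is plain "rpm -e", deliberately without --nodeps or --force.
REMOVE_CMD="${REMOVE_CMD:-rpm -e}"

# guarded_uninstall DIR NAME RPM [RPM...]
#   DIR  directory holding NAME.uninst and NAME.mdtlst (layout is an assumption)
#   RPM  names of the packages this PKG installed
guarded_uninstall() {
    dir=$1
    name=$2
    shift 2

    # Remove all RPMs in one transaction. Without --nodeps, rpm refuses the
    # whole transaction if another installed package still requires one of
    # them, for example a shared library such as libz or the bzip2 libraries.
    if ! $REMOVE_CMD "$@"; then
        echo "RPM removal failed; keeping $dir/$name.uninst for a later retry" >&2
        return 1
    fi

    # Self-remove only after the RPM removal is known to have worked, so a
    # failed run never leaves the PKG installed with no uninstall script.
    rm -f "$dir/$name.mdtlst" "$dir/$name.uninst"
}
```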