Subject: Re: /rescue, crunchgen'ed?
To: Richard Rauch <rauch@rice.edu>
From: Matthew Orgass <darkstar@pgh.net>
List: current-users
Date: 09/01/2002 22:14:17
On Sat, 31 Aug 2002, Richard Rauch wrote:

> I'm sure you can find a few machines for which this actually matters.
> Crunchgen may be preferable for them.  They may even want their / to have
> crunchgen binaries (from the numbers someone listed, I think that that
> saves even more space than shared, yes?).  People in such "extreme"
> environments will presumably want or need to do some extra work to get
> things working anyway; a default setup that they can override (and which
> doesn't actively impede them installing a working system) seems like the
> appropriate response, to me.

  The real question is, what do you gain by not crunching them?  If you
are afraid something will happen to /rescue, copy it.  You should be able
to make at least five copies in less space than the uncrunched version
would take, and this would be five complete copies of everything.  If you
are worried that it will suddenly stop working, run a boot or cron job to
test it.  Wasting space for no good reason is never a good policy, no
matter how much you have available.

  Note also that simply testing new /lib libraries before installing them
will prevent 90% of the problems that /rescue is needed for (or,
alternately, keeping a "last known good" copy of the libraries to use in
case the new libraries fail).  This can easily be done with the current
system.  An easy way to test a new linker on a running system would
prevent just about all of the rest (this would be a fairly simple script
that I imagine someone has already written).  A static binary that lets
you exec a binary with an alternate interpreter would allow you to recover
with a backup linker and libraries (and would let you use all system
binaries, not just a few).

  IMO, a standard test-and-install method should be agreed upon and
mentioned in security advisories.

  There are plenty of ways to improve system updates.  If people spent
half the time working on real problems as they did on these threads,
/rescue would already be unnecessary and the system would be even more
reliable than it is now.

Matthew Orgass
darkstar@pgh.net
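The test-and-install approach the message argues for, as an added example that is not part of the thread: probe a staged set of libraries from the running system, install them only if every probe passes, and keep the previous set as a last-known-good copy. The paths (/var/tmp/newlib, /lib, /lib.lkg) and the probe commands are hypothetical placeholders; a real probe list would cover the binaries the system needs to boot.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Assumed layout:
#   staging dir  /var/tmp/newlib   (new libraries, not yet live)
#   live dir     /lib
#   backup dir   /lib.lkg          ("last known good" copy)

# Run a set of probe commands with the candidate library directory placed
# first in the dynamic linker's search path. Returns 0 only when every
# probe exits 0 and the output check matches. $1 = candidate lib dir.
probe_libs() {
    stage=$1
    [ -d "$stage" ] || { echo "probe: $stage is not a directory" >&2; return 1; }
    # Each probe execs /bin/sh under the candidate libraries; a libc or
    # linker that cannot load will make the probe fail to start at all.
    for probe in "exit 0" "test -d /" "printf %s hello >/dev/null"; do
        if ! LD_LIBRARY_PATH="$stage" /bin/sh -c "$probe"; then
            echo "probe failed under $stage: $probe" >&2
            return 1
        fi
    done
    # A broken library can exec yet produce garbage, so also compare output.
    out=$(LD_LIBRARY_PATH="$stage" /bin/sh -c 'printf %s hello') || return 1
    [ "$out" = hello ]
}

# Save the live libraries as last-known-good, copy the staged set over
# them, and re-probe the result; roll back if the live set fails.
# $1 = staging dir, $2 = live dir, $3 = last-known-good dir.
install_libs() {
    stage=$1 live=$2 lkg=$3
    [ -d "$stage" ] && [ -d "$live" ] && [ -n "$lkg" ] || return 1
    probe_libs "$stage" || return 1
    rm -rf "$lkg" && cp -pR "$live" "$lkg" || return 1
    cp -pR "$stage"/. "$live"/ || return 1
    if ! probe_libs "$live"; then
        echo "installed set failed probes, restoring $lkg" >&2
        cp -pR "$lkg"/. "$live"/
        return 1
    fi
}

# Usage (hypothetical): sh testinstall.sh /var/tmp/newlib /lib /lib.lkg
if [ $# -eq 3 ]; then
    install_libs "$1" "$2" "$3"
fi
```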