Date: Tue, 12 Aug 2003 15:06:28 -0500
From: "Jacques A. Vidrine"
To: Chris Odell
Cc: "'Devon H. O'Dell'"
Cc: security@freebsd.org
Subject: Re: realpath(3) et al
Message-ID: <20030812200628.GD51604@madman.celabo.org>
In-Reply-To: <000201c360e4$9a450390$0304a8c0@delllaptop>

On Tue, Aug 12, 2003 at 08:15:41AM -0700, Chris Odell wrote:
>
> Corporations - INTERNET Companies...
>
> If you look at the big picture, having an O.S. that has been audited
> for issues would actually be cost effective for them. Having to patch a
> machine that is in service causes downtime.
>
> Let's see -
>
> Each machine takes ten (10) minutes of human work to drop into single
> user mode and install new binaries/kernels
>
> The company has one thousand (1000) machines
>
> That comes to ten thousand (10000) minutes, broken down to hours - 167
> Hours
>
> The average admin say is making forty five (45) dollars an hour - over
> $7000.00 - not including taxes paid by employer.
>
> So if one hundred fifty companies donated one thousand dollars (1000)
> it would save them downtime, payroll, and taxes.
>
> Just a rough estimate and my 2 cents

Not to discount your actual point (auditing for issues may be cost
effective), but this may be a poor example. We (Verio) have huge
numbers of FreeBSD servers, but distributing an upgrade is fairly
painless... particularly if it is a new kernel. We don't need anywhere
near 10 minutes of human time per machine. I'm pretty sure other
hosting companies (or other companies with beaucoup servers) likewise
have this corner of operations down to a science.

Cheers,
-- 
Jacques Vidrine   . NTT/Verio SME      . FreeBSD UNIX       . Heimdal
nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se