Upgrading to OES2 SP2 using the Channel upgrade process (Online) and a YaST password answer file

  • 7005474
  • 11-Mar-2010
  • 27-Apr-2012

Environment

Novell Open Enterprise Server 2 (OES 2) Linux Support Pack 2

Situation

As described on the Upgrading to OES 2 SP2 section 5.4.5 on the Novell documentation website, it is possible to use the Patch Channel (Online) and run the upgrade process without any required user intervention, by creating a Password answer file for the YaST install.

The content of this file is obfuscated, and as such not world-readable, however the current process does not automatically delete the Password answer file once the upgrade is finished, as such leaving a potential security hole.

Resolution

When using the patch channel to upgrade (Online) in combination with a password answer file to automate any upgrades without user intervention, the administrator performing the upgrade is currently required to manually delete this file off the system after the upgrade has finished, as such preventing others from trying to 'un-obfuscate' any passwords that are stored in here.

With the next OES2 support pack release, upgrades that are performed using the patch channel (Online) upgrade mechanism and a YaST password answer file, as part of the upgrade process there will be an automated check for the existence of this file, and if found existing, will delete the same at the end of the upgrade process.

When for whatever reason it is required to run the upgrade again, the code will also prompt for any required input.