From: Jilles Tjoelker
Date: Sun, 19 Aug 2012 14:33:14 +0200
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org, Roberto, "Simon L. B. Nielsen"
Subject: Re: getting the running patch level
Message-ID: <20120819123313.GA72985@stack.nl>
In-Reply-To: <86pq6xs0zb.fsf@ds4.des.no>

On Sat, Aug 11, 2012 at 09:05:44PM +0200, Dag-Erling Smørgrav wrote:
> "Simon L. B. Nielsen" writes:
> > This has been discussed a number of times, but there is no nice and
> > simple solution.
>
> There is a simple solution that, while not bulletproof, would work well
> enough in most cases: have 'make installworld' create /etc/issue, which
> would look like this:
>
>     FreeBSD 9.0-RELEASE-p4 amd64/amd64

I think the idea of having 'make installworld' create something is good,
but we should not hard-code policy by writing the information into a
file that may be shown to unauthenticated users (such as by getty). A
new file with a name=value format somewhat like /etc/lsb-release on
Linux seems more appropriate. If the admin wants /etc/issue,
/etc/rc.d/motd can create it.

The new file is not a configuration file and tools like mergemaster and
freebsd-update must not bother the admin about it. If all files under
/etc are considered "configuration files", then perhaps a different
location is better.

-- 
Jilles Tjoelker
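
The split proposed in this message, as an added sketch that is not part of the original post and is not FreeBSD code: a name=value release file that is parsed as data rather than sourced, and a pre-login banner written only when the admin opts in. The key names (OS_NAME, OS_RELEASE, OS_ARCH), the file paths and the YES opt-in argument are hypothetical.

```shell
#!/bin/sh
# Added example, not FreeBSD code. The key names (OS_NAME, OS_RELEASE,
# OS_ARCH) and the opt-in argument are hypothetical.

# release_get FILE KEY: print KEY's value from a name=value file.
# The file is read as data and never sourced, so shell syntax in a
# value stays literal text.
release_get() {
    while IFS='=' read -r key value; do
        case "$key" in ''|\#*) continue ;; esac
        if [ "$key" = "$2" ]; then
            value=${value#\"}; value=${value%\"}   # drop optional quotes
            printf '%s\n' "$value"
            return 0
        fi
    done < "$1"
    return 1
}

# make_issue RELEASE_FILE ISSUE_FILE ENABLE
# Writes the pre-login banner only when the admin opted in (ENABLE=YES).
# By default nothing is published to unauthenticated users.
make_issue() {
    [ "$3" = "YES" ] || return 0
    name=$(release_get "$1" OS_NAME) || return 1
    rel=$(release_get "$1" OS_RELEASE) || return 1
    arch=$(release_get "$1" OS_ARCH) || return 1
    printf '%s %s %s\n' "$name" "$rel" "$arch" > "$2"
}

# write_sample FILE: constructed sample of what installworld might emit.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real FreeBSD file
OS_NAME=FreeBSD
OS_RELEASE="9.0-RELEASE-p4"
OS_ARCH=amd64/amd64
OS_NOTE=$(id)
EOF
}

# Demo: with opt-in, the banner matches the line quoted in the thread.
demo_dir=$(mktemp -d)
write_sample "$demo_dir/release"
make_issue "$demo_dir/release" "$demo_dir/issue" YES
cat "$demo_dir/issue"
rm -rf "$demo_dir"
```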