From: Chris Rees
Date: Sat, 1 Oct 2011 23:12:39 +0100
To: Eirik Øverby
Cc: freebsd-security@freebsd.org, Doug Barton, Eitan Adler, Mike Brown
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-11:05.unix

2011/10/1 Eirik Øverby:
> On Oct 1, 2011, at 07:12, Doug Barton wrote:
>
>> On 09/30/2011 21:10, Mike Brown wrote:
>>> Eitan Adler wrote:
>>>>> do I reboot for this one, or not?
>>>> The kernel is changed, so yes.
>>>
>>> Thanks. I had guessed a reboot was needed, but the advisory only mentioned a
>>> reboot in the context of building the kernel from sources. Hopefully, when a
>>> reboot is required, future advisories will mention it in the freebsd-update(8)
>>> instructions.
>>
>> When would a reboot not be needed for a kernel change?
>
> Try this: When freebsd-update doesn't actually tell you to reboot.
>
> I would expect freebsd-update to inform me that I need to reboot if anything in /boot (or at least /boot/kernel) was touched. In particular when /boot/kernel/kernel was touched. I know I've been told by freebsd-update to do a two-stage update in the past (freebsd-update install, reboot single-user, freebsd-update install again) - I had expected it to do the same this time, but it didn't on any of the dozen-and-a-half systems I ran it on.
>
> When looking at the list of files changed between 8.2-RELEASE-p2 and -p3, the /boot/kernel/kernel is easily missed among them. It's easily conceivable that a system gets patched and then not rebooted for months in a case like this.
>

Generally users are expected to pay attention to what is updated-- I know
this isn't always the easiest task, but blindly following instructions
is not something that is generally advocated in FreeBSD.

Chris
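
A check for the situation discussed in this thread (a patched kernel on disk, but no reboot), added here as an example; it is not part of any poster's message or of freebsd-update. It lists files under /boot/kernel modified after the last boot. The function names are hypothetical, and it assumes the update stamps replaced files with the install time.

```sh
#!/bin/sh
# Added example: report kernel files that changed on disk after the last boot.

# boot_epoch TEXT: extract the seconds field from `sysctl -n kern.boottime`
# output, which looks like:
#   { sec = 1317420000, usec = 123456 } Fri Sep 30 22:00:00 2011
boot_epoch() {
    printf '%s\n' "$1" | sed -n 's/^{ sec = \([0-9][0-9]*\),.*/\1/p'
}

# pending_reboot BOOT_EPOCH: read "mtime path" lines on stdin, print every
# path whose mtime is later than the boot epoch. Returns 0 if at least one
# such file exists (reboot pending), 1 otherwise.
pending_reboot() {
    awk -v boot="$1" '
        $1 > boot { sub(/^[0-9]+ /, ""); print; hit = 1 }
        END { exit !hit }
    '
}

# check_host: run the check against the live system (FreeBSD only).
# stat -f "%m %N" prints the modification time in epoch seconds and the name.
check_host() {
    boot=$(boot_epoch "$(sysctl -n kern.boottime)")
    [ -n "$boot" ] || return 2    # could not parse the boot time
    find /boot/kernel -type f -exec stat -f '%m %N' {} + | pending_reboot "$boot"
}

if [ "$(uname -s)" = FreeBSD ]; then
    check_host && echo "reboot pending: files above changed since boot"
fi
```

Run from cron or a monitoring agent, this reports hosts that were patched but are still running the old kernel.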