Date: Sat, 1 Oct 2011 23:12:39 +0100 From: Chris Rees <crees@freebsd.org> To: =?ISO-8859-1?Q?Eirik_=D8verby?= <ltning@anduin.net> Cc: freebsd-security@freebsd.org, Doug Barton <dougb@freebsd.org>, Eitan Adler <lists@eitanadler.com>, Mike Brown <mike@skew.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-11:05.unix Message-ID: <CADLo839PqMoo-jTvNOZYdyKmrHfKKFNZq2YTRDr3MbKp45FxEA@mail.gmail.com> In-Reply-To: <808B16DD-6AC6-438D-B2AE-895C5875EFC5@anduin.net> References: <201110010410.p914Ap3F001617@chilled.skew.org> <4E86A12E.3070600@FreeBSD.org> <808B16DD-6AC6-438D-B2AE-895C5875EFC5@anduin.net>
next in thread | previous in thread | raw e-mail | index | archive | help
2011/10/1 Eirik =D8verby <ltning@anduin.net>: > On Oct 1, 2011, at 07:12, Doug Barton wrote: > >> On 09/30/2011 21:10, Mike Brown wrote: >>> Eitan Adler wrote: >>>>> do I reboot for this one, or not? >>>> The kernel is changed, so yes. >>> >>> Thanks. I had guessed a reboot was needed, but the advisory only mentio= ned a >>> reboot in the context of building the kernel from sources. Hopefully, w= hen a >>> reboot is required, future advisories will mention it in the freebsd-up= date(8) >>> instructions. >> >> When would a reboot not be needed for a kernel change? > > Try this: When freebsd-update doesn't actually tell you to reboot. > > I would expect freebsd-update to inform me that I need to reboot if anyth= ing in /boot (or at least /boot/kernel) was touched. In particular when /bo= ot/kernel/kernel was touched. I know I've been told by freebsd-update to do= a two-stage update in the past (freebsd-update install, reboot single-user= , freebsd-update install again) - I had expected it to do the same this tim= e, but it didn't on any of the dozen-and-a-half systems I ran it on. > > When looking at the list of files changed between 8.2-RELEASE-p2 and -p3,= the /boot/kernel/kernel is easily missed among them. It's easily concievea= ble that a system gets patched and then not rebooted for months in a case l= ike this. > Generally users are expected to pay attention to what is updated-- I know this isn't always the easiest task, but blindly following instructions is not something that is generally advocated in FreeBSD. Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CADLo839PqMoo-jTvNOZYdyKmrHfKKFNZq2YTRDr3MbKp45FxEA>