Date: Tue, 30 Apr 2013 20:13:09 -0700
From: Colin Percival <cperciva@freebsd.org>
To: Brett Glass <brett@lariat.org>
Cc: Glen Barber <gjb@FreeBSD.org>, Chris Rees <utisoft@gmail.com>, freebsd-security@FreeBSD.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver
Message-ID: <51808845.9040804@freebsd.org>
In-Reply-To: <201305010243.UAA08356@lariat.net>
References: <201304292208.QAA16119@lariat.net> <20130430034603.GF1588@glenbarber.us>
 <201304300416.WAA20729@lariat.net> <20130430042415.GG1588@glenbarber.us>
 <CADLo839_J40E4O2s7Af3r1stH98B-fjKtBwmNovaPfY7peqi7Q@mail.gmail.com>
 <201304301936.NAA02519@lariat.net> <20130430211531.GA1621@glenbarber.us>
 <201304302241.QAA05359@lariat.net> <20130430224850.GA1579@glenbarber.us>
 <201305010149.TAA07809@lariat.net> <20130501022228.GD1579@glenbarber.us>
 <201305010243.UAA08356@lariat.net>
On 04/30/13 19:43, Brett Glass wrote:
> When you use freebsd-update(8) in the usual manner, it fetches all of the
> source and binary updates necessary to bring the system up to the latest
> security patch level. When a userland binary is updated, it overwrites the
> source and binary. But when the kernel is updated, it moves /boot/kernel to
> /boot/kernel.old and then drops a GENERIC kernel into /boot/kernel. If
> there were no loadable modules in /boot/kernel at the start of the update,
> none are placed in /boot/kernel afterward. This is problematic, because
> the custom kernel that previously resided in /boot/kernel might have had some
> necessary modules built in... and they will not be available, either as
> compiled-in modules or as loadable modules, at the next reboot.
>
> To leave the system in a precarious state, where a power glitch could
> leave it unable to reboot, does not seem to me like a good idea. If
> /boot/GENERIC exists (which means that the administrator has built a custom
> kernel and saved the GENERIC kernel there), best to update /boot/GENERIC and
> leave the custom kernel in place, to be rebuilt if needed.

If you don't want freebsd-update to update your kernel, remove 'kernel' from
the 'Components' line in /etc/freebsd-update.conf.

--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51808845.9040804>
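
A pre-flight check for the situation discussed in this message, as an added example that is not part of the original e-mail or of freebsd-update itself. It reads the 'Components' line of a freebsd-update.conf-style file and reports whether a host running a non-GENERIC kernel would have /boot/kernel replaced. The function names are hypothetical, and the exact-case match on the 'Components' keyword is an assumption.

```sh
#!/bin/sh
# Added example (not from the original message). Function names are
# hypothetical; the keyword match on "Components" is assumed case-sensitive.

# Print every component named on "Components" lines, one per line.
# Anything after a '#' is treated as a comment and ignored.
list_components() {
    sed -e 's/#.*$//' "$1" |
        awk '$1 == "Components" { for (i = 2; i <= NF; i++) print $i }'
}

# Exit 0 if the kernel, or a kernel/ sub-component, is listed for updating.
updates_kernel() {
    list_components "$1" | grep -Eq '^kernel(/.*)?$'
}

# check_host CONF IDENT
# CONF is the configuration file, IDENT the running kernel's ident
# (on FreeBSD: uname -i). Exits 1 only when a custom kernel would be replaced.
check_host() {
    conf=$1
    ident=$2
    if ! updates_kernel "$conf"; then
        echo "ok: kernel is not in Components; freebsd-update leaves it alone"
        return 0
    fi
    if [ "$ident" = "GENERIC" ]; then
        echo "ok: running GENERIC; a kernel update replaces like with like"
        return 0
    fi
    echo "warn: custom kernel '$ident' would be replaced by GENERIC;" \
         "remove 'kernel' from Components in $conf"
    return 1
}

# Typical use on a FreeBSD host:
#   sh this-script /etc/freebsd-update.conf "$(uname -i)"
if [ "$#" -eq 2 ]; then
    check_host "$1" "$2"
fi
```

The non-zero exit on the warning lets the check gate a scheduled freebsd-update run.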
