From owner-freebsd-security  Tue Apr  9  8:15:21 2002
Delivered-To: freebsd-security@freebsd.org
Received: from web11808.mail.yahoo.com (web11808.mail.yahoo.com [216.136.172.162])
	by hub.freebsd.org (Postfix) with SMTP id 04C8637B400
	for <freebsd-security@FreeBSD.ORG>; Tue,  9 Apr 2002 08:15:15 -0700 (PDT)
Message-ID: <20020409151514.54994.qmail@web11808.mail.yahoo.com>
Received: from [64.73.64.94] by web11808.mail.yahoo.com via HTTP; Tue, 09 Apr 2002 08:15:14 PDT
Date: Tue, 9 Apr 2002 08:15:14 -0700 (PDT)
From: X Philius <xphilius@yahoo.com>
Reply-To: xphilius@yahoo.com
Subject: Verifying that a security patch has done it's thing...
To: freebsd-security@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Security Folks,

Background:
I'm running 4.4 Release, which I built from source. I am pretty new to
this whole concept, but comfortable enough in the CLI environment. I
haven't ever written a scrap of C, but I can follow directions and run
"make" like a champ ;-) I am just running a web server, with nothing
too private on the entire box. My goal is to make the minimal changes
to my system between major upgrades, so I am going to run the suggested
patches from the security notices as needed between now and 5.0
release.

Questions:
I just ran the patch to fix the OpenSSH issue from "Security Advisory
FreeBSD-SA-02:13.openssh " on my development server. 

1. How do I verify that the patch did what it was supposed to do? My
understanding is that this will not update the version flag of OpenSSH,
and so other than making sure that the patch and install etc run
without error, how do I make sure everything is cool? 

2. The security notice did not really say what I needed to do to make
sure that the new version of sshd was loaded in to memory after the
install. On my dev machine I just rebooted (the brute force method!)
I'd rather not do the same on my prod machine. Can I run a "kill -1" on
the process while logged in via SSH? My instincts tell me that would
log me out. Do I need to be local on the machine  and run a "kill -1",
or do I have to actually stop sshd entirely and then restart it to load
the new binary? Truth to tell, I can reboot my prod machine as well,
but I am practicing for a day when my server is co-lo'ed elsewhere and
not available for local log ins!

Thanks in advance!

Jason


__________________________________________________
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message