Date:      Wed, 5 Mar 2003 13:09:55 -0600
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        Brett Glass <brett@lariat.org>
Cc:        David Schultz <das@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG
Subject:   Re: Does the patching procedure work?
Message-ID:  <20030305190955.GA17065@madman.celabo.org>
In-Reply-To: <4.3.2.7.2.20030305100150.048518c0@localhost>
References:  <4.3.2.7.2.20030305052142.03f04200@localhost> <4.3.2.7.2.20030305050739.03f078f0@localhost> <4.3.2.7.2.20030305052142.03f04200@localhost> <4.3.2.7.2.20030305100150.048518c0@localhost>

On Wed, Mar 05, 2003 at 10:18:03AM -0700, Brett Glass wrote:
> It turns out that it was 4.5-RELEASE-p4, just a sliver before
> 4.6. (The system had been patched for later problems rather
> than upgraded, because it's a production machine.) Quite recent. 
> (You don't want to change point versions constantly on 
> production machines.)

If this machine had been kept up-to-date (i.e. was 4.5-RELEASE-p22 or
more recent, or had the previous sendmail bug patched), then the patch
would probably have worked out.
 
> I was lucky I noticed the problem. The messages just rolled
> by, and if I hadn't scrolled back I would not have caught
> them. I'll bet some folks missed this and are unprotected.
> (The hunks that are rejected are important, but the message
> about dropping the comments is in one of the hunks that's
> accepted, so it looks as if the patch took!)

Lucky?  Hrmpf, a system administrator has to be careful.  Actually
examining the output of any given command that one runs is pretty much
a requirement if you want to know if it succeeded or not... as is
checking the exit code.

But here's a tip to make that easier: use the `-s' and `-C' flags with
patch.  See the man page.

> What I have done on that machine is install the 4.6 binary,
> which seems to run just fine on 4.5 and even 4.4 (though
> you may need to add the missing group).

Cool.
 
> Patches should be provided back to 4.4, IMHO.

Um, in this case, they were provided all the way back to 3.x.

However, in general, the table at 
<URL: http://www.freebsd.org/security/#adv>
is what you can count on.

I will gladly extend the lifetime of one branch one extra year for
each US$25,000 I receive.

Cheers,
-- 
Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
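
The check-first routine suggested in the message above (quiet mode, a dry run before touching anything, and the exit code as the verdict), as an added example that is not part of the original e-mail. `safe_patch` is a hypothetical helper name, and the `--dry-run` fallback for GNU patch is an assumption; the message itself only names `-s` and `-C`.

```shell
#!/bin/sh
# safe_patch DIR PATCHFILE [PLEVEL]
# Returns 0 = applied cleanly
#         1 = would not apply cleanly (nothing was modified)
#         2 = apply step failed after a clean check (inspect the tree)

# -C is the check flag named in the message (BSD patch). GNU patch spells
# the same thing --dry-run; this fallback is an assumption of the example.
if patch --version 2>/dev/null | grep -q 'GNU'; then
    CHECK_FLAG='--dry-run'
else
    CHECK_FLAG='-C'
fi

safe_patch() {
    dir=$1
    patchfile=$2
    plevel=${3:-0}

    # Step 1: check only. -s silences per-hunk chatter, so anything that
    # is printed is a problem; the exit status decides whether to go on.
    if ! patch -s "$CHECK_FLAG" -d "$dir" -p"$plevel" < "$patchfile"; then
        echo "safe_patch: $patchfile does not apply cleanly; nothing changed" >&2
        return 1
    fi

    # Step 2: apply for real, still checking the exit status.
    if ! patch -s -d "$dir" -p"$plevel" < "$patchfile"; then
        echo "safe_patch: apply failed after a clean check" >&2
        return 2
    fi

    # Step 3: a leftover reject file means a hunk was dropped.
    if [ -n "$(find "$dir" -name '*.rej' -print)" ]; then
        echo "safe_patch: .rej files present under $dir" >&2
        return 2
    fi
    return 0
}
```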
