Date: Wed, 5 Mar 2003 13:09:55 -0600
From: "Jacques A. Vidrine"
To: Brett Glass
Cc: David Schultz, freebsd-security@FreeBSD.ORG
Subject: Re: Does the patching procedure work?
Message-ID: <20030305190955.GA17065@madman.celabo.org>

On Wed, Mar 05, 2003 at 10:18:03AM -0700, Brett Glass wrote:
> It turns out that it was 4.5-RELEASE-p4, just a sliver before
> 4.6. (The system had been patched for later problems rather
> than upgraded, because it's a production machine.) Quite recent.
> (You don't want to change point versions constantly on
> production machines.)

If this machine had been kept up-to-date (i.e. was 4.5-RELEASE-p22 or
more recent, or had the previous sendmail bug patched), then the patch
would probably have worked out.

> I was lucky I noticed the problem. The messages just rolled
> by, and if I hadn't scrolled back I would not have caught
> them. I'll bet some folks missed this and are unprotected.
> (The hunks that are rejected are important, but the message
> about dropping the comments is in one of the hunks that's
> accepted, so it looks as if the patch took!)

Lucky? Hrmpf, a system administrator has to be careful. Actually
examining the output of any given command that one runs is pretty
much a requirement if you want to know if it succeeded or not... as is
checking the exit code.

But here's a tip to make that easier: use the `-s' and `-C' flags with
patch. See the man page.

> What I have done on that machine is install the 4.6 binary,
> which seems to run just fine on 4.5 and even 4.4 (though
> you may need to add the missing group).

Cool.

> Patches should be provided back to 4.4, IMHO.

Um, in this case, they were provided all the way back to 3.x.
However, in general, the table at is what you can count on.

I will gladly extend the lifetime of one branch one extra year for
each US$25,000 I receive.

Cheers,
-- 
Jacques A. Vidrine                          http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se
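
The tip in the message above (run patch with `-C` and `-s`, then look at the exit code) written out as a small wrapper. This is an added example, not part of the original message: the names `safe_patch`, `make_sample` and `CHECK_FLAG` and the sample files are constructed for illustration, and the fallback to GNU patch's `--dry-run` is an addition for systems without FreeBSD's `-C`.

```shell
#!/bin/sh
# FreeBSD patch(1) names its check-only mode -C; GNU patch names it --dry-run.
if patch --version 2>/dev/null | grep -q GNU; then
    CHECK_FLAG=--dry-run
else
    CHECK_FLAG=-C
fi

# safe_patch DIR PATCHFILE [STRIP]: apply PATCHFILE under DIR only if every
# hunk applies. Returns 0 on success, 1 if the check pass fails (tree left
# untouched), 2 if the real run fails after a clean check.
safe_patch() {
    dir=$1; patchfile=$2; strip=${3:-0}
    # Pass 1: check only. -s keeps successful hunks quiet, so anything that
    # is printed is a problem, and the exit status is non-zero on any reject.
    if ! patch -s "$CHECK_FLAG" -d "$dir" -p"$strip" < "$patchfile"; then
        echo "safe_patch: $patchfile does not apply cleanly, nothing changed" >&2
        return 1
    fi
    # Pass 2: apply for real and check the exit status again.
    if ! patch -s -d "$dir" -p"$strip" < "$patchfile"; then
        echo "safe_patch: $patchfile failed while applying" >&2
        return 2
    fi
    return 0
}

# Constructed sample: a two-file tree, a patch that matches it, and a patch
# whose first hunk matches but whose second is stale (the partial-apply case
# described in the thread, where accepted hunks hide the rejected ones).
make_sample() {
    tree=$1
    mkdir -p "$tree"
    printf 'alpha\nold\nomega\n' > "$tree/a.txt"
    printf 'alpha\nold\nomega\n' > "$tree/b.txt"
    printf '%s\n' '--- a.txt' '+++ a.txt' '@@ -1,3 +1,3 @@' ' alpha' '-old' \
        '+new' ' omega' > "$tree.good.diff"
    { cat "$tree.good.diff"
      printf '%s\n' '--- b.txt' '+++ b.txt' '@@ -1,3 +1,3 @@' ' alpha' \
          '-stale' '+new' ' omega'; } > "$tree.partial.diff"
}
```
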