From: Joel Hatton
To: Jonathan Horne
Cc: freebsd-questions@freebsd.org
Date: Thu, 15 Jun 2006 10:56:41 +1000
Subject: Re: Sendmail patch; brings up a questions about buildworld
Message-Id: <200606150056.k5F0ufOh053199@app.auscert.org.au>
In-Reply-To: Your message of "Wed, 14 Jun 2006 19:15:14 EST." <200606141915.14613.jhorne@dfwlp.com>

On Wed, 14 Jun 2006 19:15:14 -0500, Jonathan Horne wrote:
>
>question: if i choose Patch Solution 1 from
>http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc, do i
>need to build a new kernel to go with this, or can i just build the world and
>be done with it?

The phrase "Upgrade your vulnerable system" implies performing the full
upgrade as per handbook, which means kernel and world.

I would never recommend rebuilding world without kernel, even if it appears
to be without risk, for three extremely good reasons:

 o the handbook says not to, and explains why

 o so that you will never fall into the habit of just building world and
   get caught out one day when it bites you

 o so that the correct version of your system will be reflected in the
   output of 'uname -a' eg: 5.3-RELEASE-p32 and hence you will be able to
   track the patchlevel of your system

That said, I wouldn't discourage you from patching sendmail immediately to
correct the vulnerability as per procedure 2) if time is critical but I
would certainly encourage following through with a system update as per 1)
as soon as possible.

cheers,
joel
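
The patchlevel tracking mentioned in the third reason above, as an added example that is not part of the original message: a POSIX sh check of a release string (as `uname -r` prints it) against the patch level an advisory calls for. The function names, the result labels and the minimum patch level used in the demo are assumptions constructed for illustration; take the real minimum from the advisory for your branch.

```shell
#!/bin/sh
# Added example (not from the original message): compare a FreeBSD release
# string such as "5.3-RELEASE-p32" with an operator-supplied minimum.

# parse_release STRING -> prints "VERSION BRANCH PATCH", e.g. "5.3 RELEASE 32"
parse_release() {
    rel=$1
    version=${rel%%-*}              # text before the first "-"
    rest=${rel#*-}                  # "RELEASE-p32", "RELEASE", "STABLE", ...
    if [ "$rest" = "$rel" ] || [ -z "$version" ]; then
        return 1                    # no branch component at all
    fi
    branch=${rest%%-*}
    case $rest in
        *-p[0-9]*) patch=${rest##*-p} ;;
        *)         patch=0 ;;       # a plain -RELEASE carries no patches yet
    esac
    case $patch in
        ''|*[!0-9]*) return 1 ;;    # trailing junk after the patch number
    esac
    echo "$version $branch $patch"
}

# check_patchlevel RUNNING WANT_VERSION MIN_PATCH
# prints: ok | outdated | wrong-release | untracked | unparsable
check_patchlevel() {
    running=$1; want_version=$2; min_patch=$3
    parsed=$(parse_release "$running") || { echo unparsable; return 0; }
    set -- $parsed                  # split into version, branch, patch
    version=$1; branch=$2; patch=$3
    if [ "$branch" != RELEASE ]; then
        echo untracked              # -STABLE/-CURRENT have no -pN counter
    elif [ "$version" != "$want_version" ]; then
        echo wrong-release
    elif [ "$patch" -lt "$min_patch" ]; then
        echo outdated
    else
        echo ok
    fi
}

# Constructed sample inputs; 32 is a placeholder minimum, not a value
# taken from the advisory.
for r in 5.3-RELEASE-p32 5.3-RELEASE-p31 5.3-RELEASE 6.1-STABLE; do
    printf '%-18s %s\n' "$r" "$(check_patchlevel "$r" 5.3 32)"
done
```

On a live host, pass `"$(uname -r)"` as the first argument. The string is compiled into the kernel, so a world-only rebuild leaves it unchanged.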