Date: Wed, 14 Jun 2006 20:26:11 -0500 From: Jonathan Horne <jhorne@dfwlp.com> To: freebsd-questions@freebsd.org Subject: Re: Sendmail patch; brings up a questions about buildworld Message-ID: <200606142026.11511.jhorne@dfwlp.com> In-Reply-To: <200606150056.k5F0ufOh053199@app.auscert.org.au> References: <200606150056.k5F0ufOh053199@app.auscert.org.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 14 June 2006 19:56, Joel Hatton wrote: > On Wed, 14 Jun 2006 19:15:14 -0500, Jonathan Horne wrote: > >question: if i choose Patch Solution 1 from > >http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc, do i > >need to build a new kernel to go with this, or can i just build the world > > and be done with it? > > The phrase "Upgrade your vulnerable system" implies performing the full > upgrade as per handbook, which means kernel and world. > > I would never recommend rebuilding world without kernel, even it appears > to be without risk, for three extremely good reasons: > > o the handbook says not to, and explains why > > o so that you will never fall into the habit of just building world > and get caught out one day when it bites you > > o so that the correct version of your system will be reflected in > the output of 'uname -a' eg: 5.3-RELEASE-p32 and hence you will > be able to track the patchlevel of your system > > That said, I wouldn't discourage you from patching sendmail immediately > to correct the vulnerability as per procedure 2) if time is critical but > I would certainly encourage following through with a system update as per > 1) as soon as possible. > > cheers, > joel > _______________________________________________ good enough for me... i was just wondering if it was ever done (as common practice) without the kernel. thanks, jonathan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200606142026.11511.jhorne>