From: Jonathan Horne
To: freebsd-questions@freebsd.org
Date: Wed, 14 Jun 2006 20:26:11 -0500
Subject: Re: Sendmail patch; brings up a questions about buildworld
Message-Id: <200606142026.11511.jhorne@dfwlp.com>
In-Reply-To: <200606150056.k5F0ufOh053199@app.auscert.org.au>

On Wednesday 14 June 2006 19:56, Joel Hatton wrote:
> On Wed, 14 Jun 2006 19:15:14 -0500, Jonathan Horne wrote:
> >question: if i choose Patch Solution 1 from
> >http://security.freebsd.org/advisories/FreeBSD-SA-06:17.sendmail.asc, do i
> >need to build a new kernel to go with this, or can i just build the world
> >and be done with it?
>
> The phrase "Upgrade your vulnerable system" implies performing the full
> upgrade as per handbook, which means kernel and world.
>
> I would never recommend rebuilding world without kernel, even if it appears
> to be without risk, for three extremely good reasons:
>
> o the handbook says not to, and explains why
>
> o so that you will never fall into the habit of just building world
>   and get caught out one day when it bites you
>
> o so that the correct version of your system will be reflected in
>   the output of 'uname -a' eg: 5.3-RELEASE-p32 and hence you will
>   be able to track the patchlevel of your system
>
> That said, I wouldn't discourage you from patching sendmail immediately
> to correct the vulnerability as per procedure 2) if time is critical but
> I would certainly encourage following through with a system update as per
> 1) as soon as possible.
>
> cheers,
> joel

good enough for me... i was just wondering if it was ever done (as common practice) without the kernel.

thanks,
jonathan