Date:      Wed, 05 Mar 2003 19:40:20 +0000
From:      Mark Murray <mark@grondar.org>
To:        "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Does the patching procedure work? 
Message-ID:  <200303051940.h25JeKIg068723@grimreaper.grondar.org>
In-Reply-To: Your message of "Wed, 05 Mar 2003 13:09:55 CST." <20030305190955.GA17065@madman.celabo.org> 

Hi

This thread is going well off-topic. How to use patch(1) is a questions@
problem. Please take this off-line.

The patch lifetime part is OK.

M

"Jacques A. Vidrine" writes:
> On Wed, Mar 05, 2003 at 10:18:03AM -0700, Brett Glass wrote:
> > It turns out that it was 4.5-RELEASE-p4, just a sliver before
> > 4.6. (The system had been patched for later problems rather
> > than upgraded, because it's a production machine.) Quite recent. 
> > (You don't want to change point versions constantly on 
> > production machines.)
> 
> If this machine had been kept up-to-date (i.e. was 4.5-RELEASE-p22 or
> more recent, or had the previous sendmail bug patched), then the patch
> would probably have worked out.
>  
> > I was lucky I noticed the problem. The messages just rolled
> > by, and if I hadn't scrolled back I would not have caught
> > them. I'll bet some folks missed this and are unprotected.
> > (The hunks that are rejected are important, but the message
> > about dropping the comments is in one of the hunks that's
> > accepted, so it looks as if the patch took!)
> 
> Lucky?  Hrmpf, a system administrator has to be careful.  Actually
> examining the output of any given command that one runs is pretty much
> a requirement if you want to know if it succeeded or not... as is
> checking the exit code.
> 
> But here's a tip to make that easier: use the `-s' and `-C' flags with
> patch.  See the man page.
> 
> > What I have done on that machine is install the 4.6 binary,
> > which seems to run just fine on 4.5 and even 4.4 (though
> > you may need to add the missing group).
> 
> Cool.
>  
> > Patches should be provided back to 4.4, IMHO.
> 
> Um, in this case, they were provided all the way back to 3.x.
> 
> However, in general, the table at 
> <URL: http://www.freebsd.org/security/#adv>
> is what you can count on.
> 
> I will gladly extend the lifetime of one branch one extra year for
> each US$25,000 I receive.
> 
> Cheers,
> -- 
> Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
> NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
> jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
--
Mark Murray
iumop ap!sdn w,I idlaH

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
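
The check-then-apply routine that the quoted `-s`/`-C` tip points at, as an added example that is not part of the original thread: it refuses to touch the tree unless a check-only run succeeds, then verifies the exit code and the absence of reject files. The function name `safe_patch` and the variables `PATCH_BIN` and `CHECK_FLAG` are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not from the thread. PATCH_BIN and CHECK_FLAG are knobs
# assumed by this sketch: FreeBSD patch(1) takes -C for check-only mode,
# GNU patch spells the same thing --dry-run.
PATCH_BIN=${PATCH_BIN:-patch}
CHECK_FLAG=${CHECK_FLAG:--C}

# safe_patch SRCDIR PATCHFILE [STRIP]
# Returns 0 only if every hunk applied; 1 on any failure; 2 on bad arguments.
safe_patch() {
    srcdir=$1
    patchfile=$2
    strip=${3:-0}

    if [ ! -d "$srcdir" ] || [ ! -r "$patchfile" ]; then
        echo "safe_patch: bad source directory or patch file" >&2
        return 2
    fi
    # Make the patch path absolute, because patch runs from inside SRCDIR.
    case $patchfile in
        /*) ;;
        *) patchfile=$PWD/$patchfile ;;
    esac

    # Pass 1: check only (-C), quiet unless something fails (-s).
    # The tree is not modified, so a partial application cannot happen here.
    if ! (cd "$srcdir" && "$PATCH_BIN" -s "$CHECK_FLAG" -p"$strip" < "$patchfile"); then
        echo "safe_patch: check run failed, tree left untouched" >&2
        return 1
    fi

    # Pass 2: apply for real and act on the exit code, not on scrollback.
    if ! (cd "$srcdir" && "$PATCH_BIN" -s -p"$strip" < "$patchfile"); then
        echo "safe_patch: apply failed, inspect $srcdir" >&2
        return 1
    fi

    # Rejected hunks are saved as *.rej files; none may remain.
    if [ -n "$(find "$srcdir" -name '*.rej' -print)" ]; then
        echo "safe_patch: reject files found under $srcdir" >&2
        return 1
    fi
    return 0
}
```

Reject files left over from an earlier attempt also make the function fail, so clear them once the earlier failure has been understood.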