From owner-freebsd-questions@FreeBSD.ORG Fri Apr 7 20:54:21 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ABECC16A400 for ; Fri, 7 Apr 2006 20:54:21 +0000 (UTC) (envelope-from freebsd@dfwlp.com) Received: from zeus.int.dfwlp.com (zeus.dfwlp.com [208.11.134.127]) by mx1.FreeBSD.org (Postfix) with ESMTP id 535F743D46 for ; Fri, 7 Apr 2006 20:54:21 +0000 (GMT) (envelope-from freebsd@dfwlp.com) Received: from mail.dfwlp.com (localhost.int.dfwlp.com [127.0.0.1]) by zeus.int.dfwlp.com (8.13.6/8.13.4) with ESMTP id k37KsKv0029087 for ; Fri, 7 Apr 2006 15:54:20 -0500 (CDT) (envelope-from freebsd@dfwlp.com) Received: from 208.11.134.3 (SquirrelMail authenticated user jhorne) by mail.dfwlp.com with HTTP; Fri, 7 Apr 2006 15:54:20 -0500 (CDT) Message-ID: <43461.208.11.134.3.1144443260.squirrel@mail.dfwlp.com> Date: Fri, 7 Apr 2006 15:54:20 -0500 (CDT) From: "Jonathan Horne" To: freebsd-questions@freebsd.org User-Agent: SquirrelMail/1.4.6 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Spam-Status: No, score=-1.4 required=5.0 tests=ALL_TRUSTED autolearn=failed version=3.1.1 X-Spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on zeus.int.dfwlp.com Subject: a few questions and concepts X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd@dfwlp.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Apr 2006 20:54:21 -0000 im still pretty new to freebsd. ive been playing around with the cvsup tools, and they are quite fascinating. i changed my production server from Fedora to FreeBSD 6.0, about 1 day before the most recent sendmail exploit was published (well, published on freebsd.org anyway). i did download the patch and recompile it, but as some have also noted on this list, that it still banners as 8.13.4 when you telnet to it. so, the past couple of days, i have learned to cvsup my /usr/src directories. ive just been using the standard copy of the stable-supfile. i have learned that if i perform the sendmail recompile after the cvsup, that it sendmail seems to proclaim 8.13.6 in the banner. on top of that, i have learned that if i recompile the kernel after cvsup, that it no longer says FreeBSD 6.0-RELEASE, but FreeBSD 6.1-PRERELEASE. my questions: 1) after cvsup, i think i can assume that sendmail is now compiling from sourcecode that should definatly be free from the current exploit. i would also assume that anything that i would need to recompile from /usr/src should also see the benefit of 'latest source code'? 2) on a production server, should i avoid recompiling a kernel that will be FreeBSD 6.1-PRERELEASE? on the whole, how reliable is the bulk of these newer sources that were pulled down by cvsup? i can definatly see the benefits of using cvsup to take care of problem with some things (like sendmail), but allowing it to update everything under the /usr/src tree, im wondering if i could be setting myself up for issues (by not editing the stable-supfile and taking only what i need). last, im also as well interested in hearing how some of my peers here apply the cvsup concepts to your production servers. thanks for reading, Jonathan Horne