From: Colin Percival
Date: Sun, 31 Aug 2003 11:37:12 -0700
To: Brett Glass, Colin Percival, stable@freebsd.org
Subject: Re: Need to build some systems this week. Snapshots?
Message-id: <5.0.2.1.1.20030831111519.01c8c728@popserver.sfu.ca>
In-reply-to: <4.3.2.7.2.20030830184324.03a13a50@localhost>
List-Id: Production branch of FreeBSD source code (freebsd-stable@freebsd.org)

At 12:08 31/08/2003 -0600, Brett Glass wrote:
> I then brought in the "freebsd-update" package to update the system, which
> should (in theory) have nuked all of the known security holes in the base
> install.
>
> Alas, what I didn't realize at first (though I should have) was that the
> package was going to try to update "immutable" files. It couldn't do this,
> of course, because I'd installed with the "maximum" security settings,
> which set "securelevel" to 2. It failed to update those files, but gave no
> warning that it had failed; it was a good thing I noticed.

If FreeBSD Update fails to "chflags noschg" a file, it should stop with the
message "Error installing $FILE". If it didn't, that's a serious bug;
except...

> So, I changed /etc/rc.conf, rebooted, and ran freebsd-update again.
> Alas, freebsd-update told me that the system was fully updated and did
> nothing.

FreeBSD Update is stateless. It keeps old files available for rollback
purposes, but it does not "remember" that it has updated a file. If it
decided that nothing needed to be updated, it did so after checking that
the MD5 hashes of the currently installed files were correct. In short,
provided that you haven't rebuilt the world locally, if FreeBSD Update
reports "No updates available", your system is definitely up to date.

> It then occurred to me: What would one do if the freebsd-update package
> itself had been linked with a buggy library?

There's only one binary in freebsd-update, and the only library calls it
makes are to malloc, free, fprintf, fopen, fread, fwrite, and fclose;
anyway, it's dynamically linked.

> The pkg_delete command issued a warning, however, complaining that it
> couldn't delete the directory /usr/local/freebsd-update.
> So, I nuked the directory by hand. (Will this cause future problems? I
> guess I'll see.)

/usr/local/freebsd-update/work/ contains the rollback files. If you don't
want them, nuking the directory is fine. (I spent a long time wondering if
I should nuke the directory as part of the uninstall script, until I
realized that would cause problems for people who were simply upgrading
from one version to another.)

> [snip discussion of ports and packages]

If you want to save time, you could always install all the (potentially
out of date) packages and run portupgrade. For dealing with updated
libraries, the following code might be helpful:

beastie# cat /root/port-rebuild-statics
#!/bin/sh
# Find executables under /usr/local that are not newer than the most
# recently modified file in /usr/lib (i.e. were built before the last
# library update), keep only the statically linked ones, map each back
# to the port that owns it, and force-rebuild those ports interactively.
find /usr/local -type f -perm +111 ! -newer \
    /usr/lib/`ls -art /usr/lib | tail -1` -print0 | \
    xargs -0 file | grep "statically linked" | cut -f 1 -d ':' | \
    xargs pkg_which | grep -v '^\?$' | sort -u | \
    while read x; do portupgrade -fi "$x" < /dev/tty; done

Colin Percival
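The two design points in the reply above (a stateless "is this file current?" check that recomputes the MD5 of each installed file against the release's manifest on every run, and a file install step that stops with "Error installing $FILE" instead of silently continuing) are sketched below in portable sh as an added illustration. This is constructed example code, not freebsd-update's own source, and the manifest layout (hex digest, two spaces, path relative to the root), the function names and the sample tree built by setup_demo are all assumptions made for the example.

```sh
#!/bin/sh
# Constructed example: a stateless update check in the spirit of the reply
# above. Not freebsd-update's code; manifest format and names are assumed.

# Print the MD5 hex digest of a file. md5sum is GNU (Linux), md5 -q is BSD.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d ' ' -f 1
    else
        md5 -q "$1"
    fi
}

# check_manifest MANIFEST ROOT
# Print the relative path of every file whose installed digest differs from
# the manifest (a missing file hashes to nothing and so is reported too).
# No state is consulted or written: every run rehashes every listed file,
# which is why a run after a failed install still reports the stale files.
check_manifest() {
    manifest=$1
    root=$2
    while read -r want rel; do
        [ -n "$rel" ] || continue
        have=$(file_md5 "$root/$rel" 2>/dev/null)
        [ "$have" = "$want" ] || printf '%s\n' "$rel"
    done < "$manifest"
}

# install_file SRC DST
# Replace DST with SRC. Any failure to write DST (an immutable file under a
# raised securelevel being the case discussed above) stops loudly with a
# non-zero exit status instead of being skipped without a warning.
install_file() {
    if ! cp "$1" "$2" 2>/dev/null; then
        echo "Error installing $2" >&2
        return 1
    fi
}

# setup_demo
# Build a throwaway tree in a temp dir and print its path. The manifest
# describes the patched release: bin/ls is out of date, lib/libc.so is
# current. Sample contents are constructed for this example.
setup_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/root/bin" "$d/root/lib" "$d/new"
    printf 'old ls binary\n'      > "$d/root/bin/ls"
    printf 'libc contents\n'      > "$d/root/lib/libc.so"
    printf 'patched ls binary\n'  > "$d/new/ls"
    {
        printf '%s  bin/ls\n'      "$(file_md5 "$d/new/ls")"
        printf '%s  lib/libc.so\n' "$(file_md5 "$d/root/lib/libc.so")"
    } > "$d/manifest"
    printf '%s\n' "$d"
}

# Usage (interactive):
#   . ./stateless-check.sh
#   d=$(setup_demo)
#   check_manifest "$d/manifest" "$d/root"        # prints: bin/ls
#   install_file "$d/new/ls" "$d/root/bin/ls"
#   check_manifest "$d/manifest" "$d/root"        # prints nothing
```

Because check_manifest keeps no record of what was installed, a file that install_file could not replace simply shows up again on the next run, and a report of nothing to do is only ever the result of every digest matching.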