From owner-freebsd-security  Thu May 16 10:49:11 2002
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP id 0BA1037B405
	for <security@FreeBSD.ORG>; Thu, 16 May 2002 10:49:05 -0700 (PDT)
Received: by gw.nectar.cc (Postfix, from userid 1001)
	id A5EA042; Thu, 16 May 2002 12:49:04 -0500 (CDT)
Date: Thu, 16 May 2002 12:49:04 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: security@FreeBSD.ORG
Subject: Re: Patch/Announcement for DHCPD remote root hole?
Message-ID: <20020516174904.GB92757@hellblazer.nectar.cc>
References: <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org> <20020515105453K.matusita@jp.FreeBSD.org> <4.3.2.7.2.20020515101500.00e7fee0@nospam.lariat.org> <4.3.2.7.2.20020515132552.0313bbb0@nospam.lariat.org> <20020516045909.GC7616@laptop.lambertfam.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020516045909.GC7616@laptop.lambertfam.org>
User-Agent: Mutt/1.3.27i
X-Url: http://www.nectar.cc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, May 16, 2002 at 12:59:10AM -0400, Scott Lambert wrote:
> Until we get binary patch kits, we just can't do the same thing for 
> the OS.  I am assuming that someone has taken the trouble of diff'ing
> the install images between patch levels to see how many files, and 
> what that translates to in megabytes, would be required for a tarball
> that just unpacks over all changed files.  I am also assuming that it is
> prohibitively large since it is a simple, brute force method.
> 
> My iBook came with OS X 10.1.1.  I had to download 40 MB of patches to 
> get to 10.1.2.  Reboot.  Download 5 MB of patches to get to 10.1.3.
> Reboot.  Download 2.5MB of patches to get to 10.1.4.  That's not counting
> the updates to the included software.

Hmm, I just posted another message in this thread with pointers to
packages you might play with.  The patches are cumulative, so they are
larger each time-- but at least you only need the latest.

> The last time I installed Solaris, it was a similar process except that 
> the patch sets always got larger due to their cumulative nature.  

Oh yeah, like that.

Individuals who would like to work on and contribute to making this a
robust, ongoing thing can drop us a line at <security-officer@FreeBSD.org>!

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                     http://www.nectar.cc/
NTT/Verio SME           .      FreeBSD UNIX      .        Heimdal Kerberos
jvidrine@verio.net      .   nectar@FreeBSD.org   .           nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message