From owner-freebsd-security@FreeBSD.ORG  Thu Nov 11 12:52:14 2004
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id B68DD16A4CE; Thu, 11 Nov 2004 12:52:14 +0000 (GMT)
Received: from arginine.spc.org (arginine.spc.org [195.206.69.236])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 2813843D2F; Thu, 11 Nov 2004 12:52:14 +0000 (GMT)
	(envelope-from bms@spc.org)
Received: from localhost (localhost [127.0.0.1])
	by arginine.spc.org (Postfix) with ESMTP
	id 7393E65219; Thu, 11 Nov 2004 12:52:12 +0000 (GMT)
Received: from arginine.spc.org ([127.0.0.1])
 by localhost (arginine.spc.org [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 38819-03-4; Thu, 11 Nov 2004 12:52:12 +0000 (GMT)
Received: from empiric.dek.spc.org (dhcp120.icir.org [192.150.187.120])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by arginine.spc.org (Postfix) with ESMTP
	id 8E64465213; Thu, 11 Nov 2004 12:52:11 +0000 (GMT)
Received: by empiric.dek.spc.org (Postfix, from userid 1001)
	id DC60F6482; Thu, 11 Nov 2004 04:52:00 -0800 (PST)
Date: Thu, 11 Nov 2004 04:52:00 -0800
From: Bruce M Simpson <bms@spc.org>
To: "Peter C. Lai" <sirmoo@cowbert.net>
Message-ID: <20041111125200.GH723@empiric.icir.org>
Mail-Followup-To: "Peter C. Lai" <sirmoo@cowbert.net>,
	"Jacques A. Vidrine" <nectar@FreeBSD.org>,
	freebsd-security@freebsd.org
References: <20041110173511.GA2940@frontfree.net>
	<4192539C.6040403@elischer.org> <20041110183046.GA3518@frontfree.net>
	<20041110195259.GB74491@madman.celabo.org> <20041110201506.GD283@cowbert.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20041110201506.GD283@cowbert.net>
cc: "Jacques A. Vidrine" <nectar@FreeBSD.org>
cc: freebsd-security@freebsd.org
Subject: Re: Is there any way to know if userland is patched?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Nov 2004 12:52:14 -0000

On Wed, Nov 10, 2004 at 03:15:06PM -0500, Peter C. Lai wrote:
> On Wed, Nov 10, 2004 at 01:52:59PM -0600, Jacques A. Vidrine wrote:
> > In the end, what we want is for a user to type `uname -r' and to see
> > what patch level is running.  Anything more complicated (checking RCS
> > Ids and such) just gets in the way, I think.
> 
> That is how many other major unix suppliers do it (sun/solaris, and sgi/irix).

Actually no; Solaris can have many different system patches installed.
See the showrev manpage, in particular the -p option. Or docs:
	http://docs.sun.com/db/doc/817-1985/6mhm8o5va?a=view

In particular, the ability to manage base system patches under Solaris
much like packages is very useful.

BMS