From owner-freebsd-security Wed Aug 22 6:32:49 2001 Delivered-To: freebsd-security@freebsd.org Received: from magellan.palisadesys.com (magellan.palisadesys.com [192.188.162.211]) by hub.freebsd.org (Postfix) with ESMTP id 503F537B40F; Wed, 22 Aug 2001 06:32:35 -0700 (PDT) (envelope-from ghelmer@palisadesys.com) Received: from mira (mira.palisadesys.com [192.188.162.116]) (authenticated (0 bits)) by magellan.palisadesys.com (8.11.4/8.11.4) with ESMTP id f7MDWOh21703 (using TLSv1/SSLv3 with cipher RC4-MD5 (128 bits) verified NO); Wed, 22 Aug 2001 08:32:25 -0500 From: "Guy Helmer" To: , Cc: Subject: RE: FreeBSD Security Advisory FreeBSD-SA-01:55.procfs Date: Wed, 22 Aug 2001 08:34:11 -0500 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: Normal In-Reply-To: <3B82E2D3.823.D177AF1@localhost> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dan Langille wrote: > On 21 Aug 2001, at 13:39, FreeBSD Security Advisories wrote: > > > # cd /usr/src/sys > > # patch -p < /path/to/patch > > [dan@xeon:/usr/src/sys] $ sudo patch -p < /usr/patches/procfs.patch > Hmm... Looks like a unified diff to me... > The text leading up to this was: > -------------------------- > |Index: sys/i386/linux/linprocfs/linprocfs_vnops.c > |=================================================================== > |RCS file: > /usr2/ncvs/src/sys/i386/linux/linprocfs/Attic/linprocfs_vnops.c,v > |retrieving revision 1.3.2.4 > |retrieving revision 1.3.2.5 > |diff -u -r1.3.2.4 -r1.3.2.5 > |--- sys/i386/linux/linprocfs/linprocfs_vnops.c 2001/06/25 > 19:46:47 1.3.2.4 > |+++ sys/i386/linux/linprocfs/linprocfs_vnops.c 2001/08/12 > 14:29:19 1.3.2.5 > -------------------------- > File to patch: > > Is it just me or is this becoming a recurring theme? *grin* > > I volunteer to test every patch, given that I seem to be the first to > report the problem. > > The patch works if you cd /usr/src, not /usr/src/sys It is my sense from reading some other vendor's advisories (namely RedHat) that advisories go through internal review and correction prior to release. A quick review process by a small group of interested security-minded folks could help catch minor typos like this one. Would security-officer be willing to setup a private mail list for a small group of interested people and give them a few hours to review proposed advisories prior to release? Guy To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message