From owner-freebsd-security Wed Aug 22 6:41:31 2001 Delivered-To: freebsd-security@freebsd.org Received: from prox.centtech.com (moat2.centtech.com [206.196.95.21]) by hub.freebsd.org (Postfix) with ESMTP id 3F7D937B40B; Wed, 22 Aug 2001 06:41:11 -0700 (PDT) (envelope-from anderson@centtech.com) Received: (from smap@localhost) by prox.centtech.com (8.9.3+Sun/8.9.3) id IAA23684; Wed, 22 Aug 2001 08:41:00 -0500 (CDT) Received: from sprint.centtech.com(10.177.173.31) by prox via smap (V2.1+anti-relay+anti-spam) id xma023676; Wed, 22 Aug 01 08:40:33 -0500 Received: from centtech.com (proton [10.177.173.77]) by sprint.centtech.com (8.9.3+Sun/8.9.3) with ESMTP id IAA28698; Wed, 22 Aug 2001 08:40:33 -0500 (CDT) Message-ID: <3B83B651.75B523AB@centtech.com> Date: Wed, 22 Aug 2001 08:40:33 -0500 From: Eric Anderson Reply-To: anderson@centtech.com Organization: Centaur Technology X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.14-5.0smp i686) X-Accept-Language: en MIME-Version: 1.0 To: Guy Helmer Cc: dan@langille.org, security-officer@freebsd.org, security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-01:55.procfs References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I would be interested in helping out for that too.. This is definitely a good idea. Two thumbs up. Eric Anderson Guy Helmer wrote: > > Dan Langille wrote: > > On 21 Aug 2001, at 13:39, FreeBSD Security Advisories wrote: > > > > > # cd /usr/src/sys > > > # patch -p < /path/to/patch > > > > [dan@xeon:/usr/src/sys] $ sudo patch -p < /usr/patches/procfs.patch > > Hmm... Looks like a unified diff to me... > > The text leading up to this was: > > -------------------------- > > |Index: sys/i386/linux/linprocfs/linprocfs_vnops.c > > |=================================================================== > > |RCS file: > > /usr2/ncvs/src/sys/i386/linux/linprocfs/Attic/linprocfs_vnops.c,v > > |retrieving revision 1.3.2.4 > > |retrieving revision 1.3.2.5 > > |diff -u -r1.3.2.4 -r1.3.2.5 > > |--- sys/i386/linux/linprocfs/linprocfs_vnops.c 2001/06/25 > > 19:46:47 1.3.2.4 > > |+++ sys/i386/linux/linprocfs/linprocfs_vnops.c 2001/08/12 > > 14:29:19 1.3.2.5 > > -------------------------- > > File to patch: > > > > Is it just me or is this becoming a recurring theme? *grin* > > > > I volunteer to test every patch, given that I seem to be the first to > > report the problem. > > > > The patch works if you cd /usr/src, not /usr/src/sys > > It is my sense from reading some other vendor's advisories (namely RedHat) > that advisories go through internal review and correction prior to release. > A quick review process by a small group of interested security-minded folks > could help catch minor typos like this one. Would security-officer be > willing to setup a private mail list for a small group of interested people > and give them a few hours to review proposed advisories prior to release? > > Guy > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- ------------------------------------------------------------------------------- Eric Anderson anderson@centtech.com Centaur Technology (512) 418-5792 Truth is more marvelous than mystery. ------------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message