From owner-freebsd-security@FreeBSD.ORG  Thu Sep 18 12:51:32 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8B10816A4B3
	for <freebsd-security@freebsd.org>;
	Thu, 18 Sep 2003 12:51:32 -0700 (PDT)
Received: from www.kozubik.com (kozubik.com [65.248.2.130])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F282E43FD7
	for <freebsd-security@freebsd.org>;
	Thu, 18 Sep 2003 12:51:31 -0700 (PDT)
	(envelope-from john@kozubik.com)
Received: from kozubik.com (john@localhost [127.0.0.1])
	by www.kozubik.com (8.12.3/8.12.3) with ESMTP id h8IJS9rn065815;
	Thu, 18 Sep 2003 12:28:09 -0700 (PDT)
	(envelope-from john@kozubik.com)
Received: from localhost (john@localhost)
	by kozubik.com (8.12.3/8.12.3/Submit) with ESMTP id h8IJS893065812;
	Thu, 18 Sep 2003 12:28:08 -0700 (PDT)
Date: Thu, 18 Sep 2003 12:28:08 -0700 (PDT)
From: John Kozubik <john@kozubik.com>
To: "V. Jones" <vjones62@earthlink.net>
In-Reply-To: <13458237.1063904367933.JavaMail.root@thecount.psp.pas.earthlink.net>
Message-ID: <20030918122317.C82609-100000@kozubik.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-security@freebsd.org
Subject: Re: Patching jails
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Sep 2003 19:51:32 -0000


Hello,

On Thu, 18 Sep 2003, V. Jones wrote:

> I'm going to apply the ssh patch.  Applying it to the "real" server
> seems straightforward enough, but I'm wondering what the right procedure
> is to apply this patch to my jailed servers.

No special procedure is necessary.  Log into the jail, su to root, and
follow the instructions in the SA - they will work just fine.

You may or may not have a populated /usr/src/secure though - you can get
it with cvsup, however it is faster and easier to simply tar up the
/usr/src/secure on the base system and untar it in the jail.  I presume
this to be safe, as there should never be a version mismatch between the
base system and the jails running on it.

The procedure in the sendmail SA that was released yesterday will also
work fine inside of a jail.  Again, make sure you have /usr/src/usr.sbin
and /usr/src/lib, and so on in the jail.

-----
John Kozubik - john@kozubik.com - http://www.kozubik.com