Date: Thu, 28 Aug 2003 13:54:08 -0600 From: Brett Glass <brett@lariat.org> To: Colin Percival <colin.percival@wadham.ox.ac.uk>, Colin Percival <colin.percival@wadham.ox.ac.uk>, stable@freebsd.org Subject: Re: Need to build some systems this week. Snapshots? Message-ID: <4.3.2.7.2.20030828133145.0313d860@localhost> In-Reply-To: <5.0.2.1.1.20030828110441.02d9f580@popserver.sfu.ca> References: <4.3.2.7.2.20030828120019.0324b6a0@localhost> <5.0.2.1.1.20030828103403.02d683a8@popserver.sfu.ca> <200308280638.AAA19221@lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:16 PM 8/28/2003, Colin Percival wrote: >At 12:01 28/08/2003 -0600, Brett Glass wrote: >>Will this fix everything that needs to be recompiled to avoid the realpath() >>bug? > > Yes, that's the whole point of FreeBSD Update. Read my paper, or come to BSDCon, for details; but rest assured that if you start with a binary install from the official FTP or ISO releases, and don't recompile any of the world locally, FreeBSD Update will update any binaries which are affected by modifications in the security branch. That's great. What does one do about packages and ports? It appears that the binary packages on the FreeBSD servers are never updated between releases... which means that if a bug is in a package or is compiled into a package (as with the realpath problem), the FreeBSD servers keep sending out exploitable copies of that package indefinitely. The situation with ports is a bit better, but how does one know which ones to recompile and reinstall? Does your update system handle this situation and/or warn about it? --Brett
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20030828133145.0313d860>