Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 26 Feb 2007 14:11:48 -0600
From:      Dan Nelson <dnelson@allantgroup.com>
To:        Jerry <jerrymc@msu.edu>
Cc:        questions@freebsd.org
Subject:   Re: Patches in FreeBSD
Message-ID:  <20070226201148.GC71962@dan.emsphone.com>
In-Reply-To: <20070226184043.GA59508@gizmo.acns.msu.edu>
References:  <20070226184043.GA59508@gizmo.acns.msu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
In the last episode (Feb 26), Jerry said:
> I am being forced to use something besides FreeBSD - probably Susie
> or Red Hat Linux for the base of a server system.  The primary reason
> given is that when security issues come along, FreeBSD has no way of
> patching the running system, but rather requires rebuilding the
> system - CVSUP, make, install, etc whereas Susie and Red Hat can be
> patched on the fly.  I presume this means kernel type security stuff
> rather than concerns about third party software.

FreeBSD can be patched on the fly just as easily as Linux.  In both
cases: Kernel fixes require a reboot.  Fixes to running deamons require
them to be restarted.  Fixes to shared libraries require all running
programs using them to be restarted (usually simpler to just reboot).

YAST/up2date/whatever may automatically restart daemons (I know apt-get
in Debian does), but for something like a libc update, the fact that
the file is delivered via an RPM versus a "make install" step doesn't
save you from a reboot.
 
> My question is:   How do I respond to this? I have seen the word
> patch used in security update messages - but didn't follow that path. 
> Is that real?  Does it cover kernel things essentially on the fly or
> is a 'time consuming' rebuild still needed?

A patch lets you fix the problem listed in the security advisory
without necessarily having to do a full buildworld.  The SA-07:02.bind
advisory, for example, gives instructions on how to patch, rebuild,
install, and restart named.

-- 
	Dan Nelson
	dnelson@allantgroup.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070226201148.GC71962>