From owner-freebsd-security@FreeBSD.ORG Tue Apr 30 16:26:26 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 9E70138E; Tue, 30 Apr 2013 16:26:26 +0000 (UTC) (envelope-from utisoft@gmail.com) Received: from mail-ie0-x233.google.com (mail-ie0-x233.google.com [IPv6:2607:f8b0:4001:c03::233]) by mx1.freebsd.org (Postfix) with ESMTP id 600FE1D63; Tue, 30 Apr 2013 16:26:26 +0000 (UTC) Received: by mail-ie0-f179.google.com with SMTP id 16so853080iea.38 for ; Tue, 30 Apr 2013 09:26:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=rTSVbS3Sbc6jx/1LjiyYojP8BDVMvnNCqRlOtuQ/q/8=; b=IiwQKkny7LCGLelM4XR8mJ1KCiImSpM/XTLXxCeXb5rAD+iT+IJu3Ph3/6D9JDCPUR 70uUN0EznGJ8UIoIBVa88kZQzPfmv9FZbgNKTzvnT0eNQyY/GZqA9JLYnIqn5myMMRNh SsPygkTD0MuhKZMvXEkFfKeVzpPFtBKecXCV9y0sOWEJ6zZa6xHB77P5ghWDTSh8e4fg EydRxdIUxrs+E3fdEw9bW2AVmKftXJHBXLx7aX4IX4LE0Rgk+CJjaVs9jnVwUEkzXQn0 ycERW4I4InHaPus37CRki6+m3tlRzDdoQnq5O1L0Zc08T9z1YHV4eWITQwWHXG+Ndrfl NZIQ== MIME-Version: 1.0 X-Received: by 10.43.47.5 with SMTP id uq5mr32098919icb.0.1367339186036; Tue, 30 Apr 2013 09:26:26 -0700 (PDT) Received: by 10.64.58.52 with HTTP; Tue, 30 Apr 2013 09:26:25 -0700 (PDT) Received: by 10.64.58.52 with HTTP; Tue, 30 Apr 2013 09:26:25 -0700 (PDT) In-Reply-To: <20130430042415.GG1588@glenbarber.us> References: <201304292055.r3TKtcEs039958@freefall.freebsd.org> <201304292208.QAA16119@lariat.net> <20130430034603.GF1588@glenbarber.us> <201304300416.WAA20729@lariat.net> <20130430042415.GG1588@glenbarber.us> Date: Tue, 30 Apr 2013 17:26:25 +0100 Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver From: Chris Rees To: Glen Barber , Colin Percival X-Mailman-Approved-At: Tue, 30 Apr 2013 17:49:11 +0000 Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: freebsd-security@freebsd.org, Brett Glass X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Apr 2013 16:26:26 -0000 On 30 Apr 2013 05:24, "Glen Barber" wrote: > > On Mon, Apr 29, 2013 at 10:16:43PM -0600, Brett Glass wrote: > > At 09:46 PM 4/29/2013, Glen Barber wrote: > > > > >This has _always_ been the case with freebsd-update(8). > > > > Should it be? > > Yes. freebsd-update(8) does not, and cannot, know of custom kernel > configurations. > > > It seems to me that the current behavior > > > > a) Violates POLA; and > > > > Wrong. Users that build a custom kernel are responsible for maintaining > the custom kernel for upgrades. > > > b) Puts any system with a custom kernel at serious risk if > > surgery and/or a kernel rebuild is not done prior to the > > next reboot. If there's a power failure, the system may > > well not come up. > > Wrong. Previous statement applies. I agreed with Glen, but when checking the docs it turns out that they say that freebsd-update will detect a kernel in /boot/GENERIC: http://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html Are the docs wrong, or is this only in new freebsd-update? Chris