Date:      Mon, 26 Feb 2007 16:25:35 -0500
From:      Jerry McAllister <jerrymc@msu.edu>
To:        Dan Nelson <dnelson@allantgroup.com>
Cc:        questions@freebsd.org
Subject:   Re: Patches in FreeBSD
Message-ID:  <20070226212535.GB60165@gizmo.acns.msu.edu>
In-Reply-To: <20070226201148.GC71962@dan.emsphone.com>
References:  <20070226184043.GA59508@gizmo.acns.msu.edu> <20070226201148.GC71962@dan.emsphone.com>

On Mon, Feb 26, 2007 at 02:11:48PM -0600, Dan Nelson wrote:

> In the last episode (Feb 26), Jerry said:
> > I am being forced to use something besides FreeBSD - probably Susie
> > or Red Hat Linux for the base of a server system.  The primary reason
> > given is that when security issues come along, FreeBSD has no way of
> > patching the running system, but rather requires rebuilding the
> > system - CVSUP, make, install, etc whereas Susie and Red Hat can be
> > patched on the fly.  I presume this means kernel type security stuff
> > rather than concerns about third party software.
> 
> FreeBSD can be patched on the fly just as easily as Linux.  In both
> cases: Kernel fixes require a reboot.  Fixes to running daemons require
> them to be restarted.  Fixes to shared libraries require all running
> programs using them to be restarted (usually simpler to just reboot).
> 
> YAST/up2date/whatever may automatically restart daemons (I know apt-get
> in Debian does), but for something like a libc update, the fact that
> the file is delivered via an RPM versus a "make install" step doesn't
> save you from a reboot.

I rather thought that, but wasn't informed enough at the time to
make an argument.  

This will take some diplomacy around here, but, this is helpful.

Thanks,

////jerry

>  
> > My question is:   How do I respond to this? I have seen the word
> > patch used in security update messages - but didn't follow that path. 
> > Is that real?  Does it cover kernel things essentially on the fly or
> > is a 'time consuming' rebuild still needed?
> 
> A patch lets you fix the problem listed in the security advisory
> without necessarily having to do a full buildworld.  The SA-07:02.bind
> advisory, for example, gives instructions on how to patch, rebuild,
> install, and restart named.
> 
> -- 
> 	Dan Nelson
> 	dnelson@allantgroup.com
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
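
The restart rule in the quoted reply (a patched shared library is only picked up once the programs using it restart) can be checked on a host after an update. The following is an added example, not part of the original messages: it assumes Linux-style /proc/<pid>/maps text, where the kernel appends "(deleted)" to a mapped file that was replaced on disk, and the process labels and map lines are constructed sample data.

```python
import re

# One line of Linux /proc/<pid>/maps: range, perms, offset, dev, inode, path.
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(?P<path>.*)$"
)
DELETED = " (deleted)"
NOT_FILES = ("/memfd:", "/dev/", "/SYSV")  # pseudo-paths that are not library files


def stale_libraries(maps_text):
    """Return sorted paths of executable file mappings whose on-disk file was replaced."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        # Only file-backed, executable mappings matter; skip [heap], [stack], anonymous.
        if not path.startswith("/") or path.startswith(NOT_FILES):
            continue
        if "x" in m.group("perms") and path.endswith(DELETED):
            stale.add(path[: -len(DELETED)])
    return sorted(stale)


def processes_needing_restart(maps_by_proc):
    """Map process label -> stale libraries, only for processes that have any."""
    report = {proc: stale_libraries(text) for proc, text in maps_by_proc.items()}
    return {proc: libs for proc, libs in report.items() if libs}


# Constructed sample: named was started before a libc update, sshd after it.
SAMPLE = {
    "named (pid 812)": """\
00400000-0047a000 r-xp 00000000 08:01 131090 /usr/sbin/named
7f2a1c000000-7f2a1c1b0000 r-xp 00000000 08:01 262411 /lib/libc-2.5.so (deleted)
7f2a1c1b0000-7f2a1c3af000 ---p 001b0000 08:01 262411 /lib/libc-2.5.so (deleted)
7ffd3b1e0000-7ffd3b201000 rw-p 00000000 00:00 0 [stack]
""",
    "sshd (pid 1044)": """\
00400000-00468000 r-xp 00000000 08:01 131123 /usr/sbin/sshd
7f90aa000000-7f90aa1b0000 r-xp 00000000 08:01 262980 /lib/libc-2.5.so
7ffc11a00000-7ffc11a21000 rw-p 00000000 00:00 0 [stack]
""",
}

if __name__ == "__main__":
    for proc, libs in processes_needing_restart(SAMPLE).items():
        print(f"{proc}: restart needed, still mapping old {', '.join(libs)}")
```
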


