From owner-freebsd-questions@FreeBSD.ORG Mon Feb 26 21:28:08 2007 Return-Path: X-Original-To: questions@freebsd.org Delivered-To: freebsd-questions@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5ADE016A4A9 for ; Mon, 26 Feb 2007 21:28:08 +0000 (UTC) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (gizmo.acns.msu.edu [35.8.1.43]) by mx1.freebsd.org (Postfix) with ESMTP id 6CF2513C461 for ; Mon, 26 Feb 2007 21:28:05 +0000 (UTC) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (localhost [127.0.0.1]) by gizmo.acns.msu.edu (8.13.6/8.13.6) with ESMTP id l1QLPZlu060230; Mon, 26 Feb 2007 16:25:35 -0500 (EST) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: (from jerrymc@localhost) by gizmo.acns.msu.edu (8.13.6/8.13.6/Submit) id l1QLPZi3060229; Mon, 26 Feb 2007 16:25:35 -0500 (EST) (envelope-from jerrymc) Date: Mon, 26 Feb 2007 16:25:35 -0500 From: Jerry McAllister To: Dan Nelson Message-ID: <20070226212535.GB60165@gizmo.acns.msu.edu> References: <20070226184043.GA59508@gizmo.acns.msu.edu> <20070226201148.GC71962@dan.emsphone.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070226201148.GC71962@dan.emsphone.com> User-Agent: Mutt/1.4.2.2i Cc: questions@freebsd.org Subject: Re: Patches in FreeBSD X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Feb 2007 21:28:08 -0000 On Mon, Feb 26, 2007 at 02:11:48PM -0600, Dan Nelson wrote: > In the last episode (Feb 26), Jerry said: > > I am being forced to use something besides FreeBSD - probably Susie > > or Red Hat Linux for the base of a server system. The primary reason > > given is that when security issues come along, FreeBSD has no way of > > patching the running system, but rather requires rebuilding the > > system - CVSUP, make, install, etc whereas Susie and Red Hat can be > > patched on the fly. I presume this means kernel type security stuff > > rather than concerns about third party software. > > FreeBSD can be patched on the fly just as easily as Linux. In both > cases: Kernel fixes require a reboot. Fixes to running deamons require > them to be restarted. Fixes to shared libraries require all running > programs using them to be restarted (usually simpler to just reboot). > > YAST/up2date/whatever may automatically restart daemons (I know apt-get > in Debian does), but for something like a libc update, the fact that > the file is delivered via an RPM versus a "make install" step doesn't > save you from a reboot. I rather thought that, but wasn't informed enough at the time to make an argument. This will take some diplomacy around here, but, this is helpful. Thanks, ////jerry > > > My question is: How do I respond to this? I have seen the word > > patch used in security update messages - but didn't follow that path. > > Is that real? Does it cover kernel things essentially on the fly or > > is a 'time consuming' rebuild still needed? > > A patch lets you fix the problem listed in the security advisory > without necessarily having to do a full buildworld. The SA-07:02.bind > advisory, for example, gives instructions on how to patch, rebuild, > install, and restart named. > > -- > Dan Nelson > dnelson@allantgroup.com > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"