From: "Roberto"
To: freebsd-security@freebsd.org
Date: Fri, 10 Aug 2012 14:06:56 +0200 (CEST)
Subject: RE: getting the running patch level

So as far as I understand, if the kernel is not updated by the update process, it is not possible to get the current patch level via "uname". I also read about adding some syscall to return the current patch level from the kernel, but this solution is still "bound" to the kernel modification, which may not happen in all cases; in my opinion, why should the kernel keep track of user space packages? In other words, if freebsd-update changes an ssh package (just an example), why should this operation have side effects on the kernel? But this is just my opinion.

I also think this task (keeping track of patch level) should rather be related to the command freebsd-update itself, shouldn't it? Could the update system (that includes freebsd-update) keep track of what the current system patching state is? And why not all previous package updates? Still, these are my ideas...

Roberto

On Thu, August 9, 2012 18:05, Cedric GROSS wrote:
> Hello Roberto,
>
> In fact "uname -a" reports patch level BUT if you update your system by
> freebsd-update, patch level could be an old one.
> As discussed here http://forums.freebsd.org/archive/index.php/t-20154.html
>
> Regards
> Cedric