Date: Thu, 11 Nov 2004 01:35:11 +0800 From: Xin LI <delphij@frontfree.net> To: freebsd-hackers@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Is there any way to know if userland is patched? Message-ID: <20041110173511.GA2940@frontfree.net>
next in thread | raw e-mail | index | archive | help
--45Z9DzgjV8m4Oswq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Dear folks, I'm recently investigating large scale deployment and upgrading FreeBSD RELEASE. It's our tradition to bump "RELEASE-pN" after a security patch is applied, however, it seems that there is less method to determine whether the userland is patched, which is somewhat important for large site managements. So is "uname -sr" the only way to differencate the patchlevel of a security branch? I have read Colin's freebsd-update script and to my best of knowledge this is the only way (and, on condition that we have re-compiled the kernel and installed it, and reboot'ed). Given the nature of a security or errata branch, we can expect that no API/ABI changes will occour and it should be safe to do make installworld/installkernel in any order, and bump= ing patchlevel does not mean that a reboot must be done. Please correct me if I was wrong, thanks. Cheers, --=20 Xin LI <delphij frontfree net> http://www.delphij.net/ See complete headers for GPG key and other information. --45Z9DzgjV8m4Oswq Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBklFP/cVsHxFZiIoRArNMAJoDQ8xvgqMxDxlw3A8UtWMF1Wrg3gCePf52 1pfxXnFZvhYmn0saK1iOh88= =h7f6 -----END PGP SIGNATURE----- --45Z9DzgjV8m4Oswq--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041110173511.GA2940>