From owner-freebsd-hackers  Sun Nov 16 12:52:25 1997
Return-Path: <owner-freebsd-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id MAA14176
          for hackers-outgoing; Sun, 16 Nov 1997 12:52:25 -0800 (PST)
          (envelope-from owner-freebsd-hackers)
Received: from sax.sax.de (sax.sax.de [193.175.26.33])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id MAA14151
          for <freebsd-hackers@FreeBSD.ORG>; Sun, 16 Nov 1997 12:52:14 -0800 (PST)
          (envelope-from j@uriah.heep.sax.de)
Received: (from uucp@localhost) by sax.sax.de (8.6.12/8.6.12-s1) with UUCP id VAA25443; Sun, 16 Nov 1997 21:52:12 +0100
Received: (from j@localhost)
	by uriah.heep.sax.de (8.8.8/8.8.5) id VAA16209;
	Sun, 16 Nov 1997 21:37:06 +0100 (MET)
Message-ID: <19971116213706.IV38048@uriah.heep.sax.de>
Date: Sun, 16 Nov 1997 21:37:06 +0100
From: j@uriah.heep.sax.de (J Wunsch)
To: freebsd-hackers@FreeBSD.ORG
Cc: toby@milkyway.org (Toby Swanson)
Subject: Re: security patch for open()
References: <Pine.BSF.3.91.971111214721.1222B-100000@antares.milkyway.org>
X-Mailer: Mutt 0.60_p2-3,5,8-9
Mime-Version: 1.0
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
In-Reply-To: <Pine.BSF.3.91.971111214721.1222B-100000@antares.milkyway.org>; from Toby Swanson on Nov 11, 1997 21:52:01 -0500
Sender: owner-freebsd-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

As Toby Swanson wrote:

> Please explain in plain American how to apply the patches for the open() 
> security hole that was recently released by the FreeBSD security 
> officer.  Better yet, give this FreeBSD newbie the general instructions 
> for patch application.

Sorry for not speaking plain American.  I can speak quite a bit of
German, and somewhat English.  My American is rather lousy.

I'm not sure what your background is.  Most likely, you've read the
FreeBSD security advisory, and are now stuck with the word `patch'.

Well, your first option is to simply remove /dev/io.  That's not too
bad of an option, none of the official utilities do need it anyway.

The second option requires that you first read the handbook section on
building a new kernel.  Once you know how to do this, simply pipe the
entire security advisory to the command:

	cd /usr/src; patch

...and then, go to your kernel's compile directory (/sys/compile/...),
and type

	make depend all install

Reboot your computer.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)