From: Janne Snabb
Date: Sat, 11 Aug 2012 00:48:31 +0700
To: freebsd-security@freebsd.org
Subject: Re: getting the running patch level

On 08/10/2012 11:55 PM, Chris BeHanna wrote:
> Split off a version.ko and update that with each patch?

There is often no need to reboot the machine unless the kernel is affected (just restart the affected daemons). Thus the information would not necessarily match the userland status. The userland and kernel versions need to be kept separate because they may not match.

I am often struggling to remember if I updated some machine already or not. I now need to compare the time stamps of newvers.sh and installed binaries to find out.

IMHO a sensible approach would be something like what most Linux distros do: Have some file in a standard location and put the information there by generating that file from newvers.sh during "make buildworld / installworld". Having it only in the source tree is not sufficient as not every machine has the source tree installed.

On LSB compliant Linux distributions the proper way to find this out is the lsb_release command. On many Linux distributions there is also a /etc/DISTRONAME-release file which can be checked (for example /etc/debian-release on Debian and /etc/redhat-release on RHEL and clones).

How about /etc/freebsd-release? Or freebsd_release command (shell script) which takes the same flags as lsb_release?

--
Janne Snabb / EPIPE Communications
snabb@epipe.com - http://epipe.com/
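
The idea in the message above, sketched as an added example (not part of the original message and not FreeBSD code): record the userland patch level in a release file generated from newvers.sh, then compare it with the running kernel's release string. TYPE, REVISION and BRANCH are the variables newvers.sh assigns; the `USERLAND_RELEASE=` file format, the function names and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helpers; nothing here is an existing FreeBSD tool or file format.

# Read TYPE, REVISION and BRANCH from a newvers.sh-style file without
# executing it, and print "TYPE REVISION-BRANCH".
release_from_newvers() {
    awk -F= '
        /^(TYPE|REVISION|BRANCH)=/ { gsub(/"/, "", $2); v[$1] = $2 }
        END { printf "%s %s-%s\n", v["TYPE"], v["REVISION"], v["BRANCH"] }
    ' "$1"
}

# What an installworld hook could do: write the release file.
# $1 = path to newvers.sh, $2 = release file to create
write_release_file() {
    printf 'USERLAND_RELEASE="%s"\n' "$(release_from_newvers "$1")" > "$2"
}

# Compare the recorded userland level with a kernel release string.
# $1 = release file, $2 = kernel release (the format printed by uname -r)
# Returns 0 when both match, 1 when they differ (e.g. patched, not rebooted).
compare_levels() {
    userland=$(sed -n 's/^USERLAND_RELEASE="[^ ]* \(.*\)"$/\1/p' "$1")
    if [ "$userland" = "$2" ]; then
        echo "userland and kernel both at $userland"
        return 0
    fi
    echo "userland $userland, running kernel $2"
    return 1
}

# Constructed sample input: the three assignments as newvers.sh writes them.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/newvers.sh" <<'EOF'
TYPE="FreeBSD"
REVISION="9.0"
BRANCH="RELEASE-p3"
EOF

write_release_file "$tmp/newvers.sh" "$tmp/freebsd-release"
cat "$tmp/freebsd-release"
# Constructed kernel string; on a live system pass "$(uname -r)" instead.
compare_levels "$tmp/freebsd-release" "9.0-RELEASE" || :
```

A difference between the two values is not an error in itself: it is the case the message describes, where a userland-only patch was installed without a reboot.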