From owner-freebsd-security@FreeBSD.ORG Tue Oct 11 13:58:32 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BFC3616A45E for ; Tue, 11 Oct 2005 13:58:32 +0000 (GMT) (envelope-from marsgmiro@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4DCA743D46 for ; Tue, 11 Oct 2005 13:58:31 +0000 (GMT) (envelope-from marsgmiro@gmail.com) Received: by zproxy.gmail.com with SMTP id z31so340063nzd for ; Tue, 11 Oct 2005 06:58:31 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=uphsJH3fxSnB9CzItSwI94U5RgobslFiCJRFX6M/plhkrYqPgaou6ZY6/9umfHoMKqr+oyUZHs4yPaCY7O9bqfZn4fHT6oQpZp1opJejbHD5/lcASy1te1Ce0YYQgzrxc77ilZmYN4UZRTf3HzAYzrkCSLyD1TmK2cptdh98dkI= Received: by 10.36.56.10 with SMTP id e10mr1295344nza; Tue, 11 Oct 2005 06:58:30 -0700 (PDT) Received: by 10.36.72.10 with HTTP; Tue, 11 Oct 2005 06:58:29 -0700 (PDT) Message-ID: <28edec3c0510110658s5d663d4et1a824174e20bf851@mail.gmail.com> Date: Tue, 11 Oct 2005 21:58:29 +0800 From: "Mars G. Miro" To: jere@htnet.hr, freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline X-Mailman-Approved-At: Wed, 12 Oct 2005 12:44:34 +0000 Cc: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Oct 2005 13:58:32 -0000 > unfortunately, this is the dark side of FreeBSD security patch > management :) and I think also the main reason FreeBSD isn't so widely > deployed into enterprise environments. It's ok for hacking or managing > few boxes but try to imagine how to manage security on hundreds of them > this way. :( > on the other side (bright side :) you can try to use unofficial and > often somewhat slowly updating solutions such as bsdupdate > (www.bsdupdates.com) or freebsd-update (from ports tree). > currently, FreeBSD just don't have a mechanism to handle security > advisories in quick way. > any suggestions/corrections ? > j. You can always designate a build box and NFS share /usr/obj and /usr/src and have the other FreeBSD boxens mount this and then do an install{world/kernel} jimmy at inet-solutions.be wrote: > Quoting FreeBSD Security Advisories : > > >>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D >>FreeBSD-SA-05:21.openssl Security Advi= sory >> The FreeBSD Pro= ject > > [..] > >>c) Recompile the operating system as described in >>>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html = >. > > > Is there any reason why one would need to compile the whole operating sys= tem? > I can understand that static linked apps need to be recompiled, but which > are there actually any at all (and linked against openssl)? > > Kind regards, > Jimmy Scott > > ---------------------------------------------------------------- > This message has been sent through ihosting.be > To report spamming or other unaccepted behavior > by a iHosting customer, please send a message > to abuse at ihosting.be > ---------------------------------------------------------------- > _______________________________________________ > freebsd-security at freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd= .org" > cheers mars