Date: Fri, 12 Jul 2002 17:13:17 -0700
From: "brian j. peterson" <rbw@myplace.org>
To: Darren Pilgrim <dmp@pantherdragon.org>, freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:30.ktrace
Message-ID: <20020713001317.GD8059@malkavian.org>
In-Reply-To: <20020712235125.GA91126@peitho.fxp.org>
References: <200207122046.g6CKkDFN099899@freefall.freebsd.org> <3D2F531B.453A6855@pantherdragon.org> <20020712230903.GA25363@peitho.fxp.org> <3D2F6A38.72F41EE1@pantherdragon.org> <20020712235125.GA91126@peitho.fxp.org>
if you are tracking RELENG_4_6 (or any RELENG_x_y), /usr/src/UPDATING
will tell you what security patches have been applied to your source.
i find this very helpful for situations like this.
from /usr/src/UPDATING:
********
20020712: p2 FreeBSD-SA-02:29.tcpdump
A buffer overflow in tcpdump has been corrected.
20020711: FreeBSD-SA-02:30.ktrace
Prevent users from tracing previously privileged processes.
20020708:
A tags bug in the ata(4) subsystem has been corrected.
20020626: p1
A fix for a buffer overflow in libc has been corrected.
20020615:
FreeBSD 4.6-RELEASE.
********
-brian
On Fri, Jul 12, 2002 at 07:51:25PM -0400, Chris Faulhaber wrote:
> On Fri, Jul 12, 2002 at 04:46:00PM -0700, Darren Pilgrim wrote:
> > Chris Faulhaber wrote:
> > > On Fri, Jul 12, 2002 at 03:07:23PM -0700, Darren Pilgrim wrote:
> > > > When will this patch be merged into the security branches, or was it
> > > > included with the tcpdump fix and the merge just not mentioned?
> > >
> > > ???
> >
> > In the tcpdump SA, for example, we were told that updating to
> > 4.6-RELEASE-p2 would fix the problem for 4.6. There was no such
> > statement in the ktrace SA, so we're left with either going to stable
>
> Ah, ok. Yeah, looks like that was left out.
>
> > or applying the patch. While patching isn't much effort at all, I
> > just don't like it. One of the big attractors to FreeBSD is the CVS
> > method for getting all updates, fixes, and upgrades. It makes things
> > work really well without the worry of version conflicts and source
> > discrepancies that patching can induce.
> >
> > I guess the better question should have been: is the ktrace fix
> > included in 4.6-RELEASE-p2?
>
> Yes, 4.6-RELEASE-p2 does contain the fix.
>
> --
> Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
> --------------------------------------------------------
> FreeBSD: The Power To Serve - http://www.FreeBSD.org
--
--===-----=======-----------=============-----------------===================
bjp aka rbw | and did you exchange a walk on part in the war
rbw@myplace.org | for a lead role in a cage?
===================-----------------=============-----------=======-----===--
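The check described in this message, as an added example that is not part of the original e-mail or of FreeBSD itself: a POSIX sh/awk parser for /usr/src/UPDATING that reports whether a given advisory is listed and which patch level the source tree records. The entry layout (`YYYYMMDD: [pN] [FreeBSD-SA-...]` followed by description lines) is assumed from the excerpt quoted above, and the function names are hypothetical.

```shell
# Constructed sample input: the UPDATING excerpt quoted in the message.
sample_updating() {
cat <<'EOF'
20020712: p2 FreeBSD-SA-02:29.tcpdump
A buffer overflow in tcpdump has been corrected.
20020711: FreeBSD-SA-02:30.ktrace
Prevent users from tracing previously privileged processes.
20020708:
A tags bug in the ata(4) subsystem has been corrected.
20020626: p1
A fix for a buffer overflow in libc has been corrected.
20020615:
FreeBSD 4.6-RELEASE.
EOF
}

# Print one line per entry: date|patchlevel|advisory|description ("-" = absent).
updating_entries() {
    awk '
    function emit() { if (date != "") print date "|" pl "|" sa "|" desc }
    /^[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]:/ {
        emit()                                   # previous entry is complete
        date = substr($1, 1, 8); pl = "-"; sa = "-"; desc = ""
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^p[0-9]+$/) pl = $i        # patch-level tag, e.g. p2
            else if ($i ~ /^FreeBSD-SA-/) sa = $i
        }
        next
    }
    date != "" && NF > 0 && $0 !~ /^\*+$/ {      # description line of the entry
        sub(/^[ \t]+/, "")
        desc = (desc == "" ? $0 : desc " " $0)
    }
    END { emit() }'
}

# Print the entry and succeed if the advisory is listed; fail if it is not.
advisory_applied() {
    updating_entries |
        awk -F'|' -v want="$1" '$3 == want { print; found = 1 } END { exit !found }'
}

# Highest pN tag in the file, i.e. the patch level this source tree records.
patch_level() {
    updating_entries |
        awk -F'|' '$2 != "-" { n = substr($2, 2) + 0; if (n > max) max = n }
                   END { print "p" max + 0 }'
}

# On a real system, read the file instead: advisory_applied ID < /usr/src/UPDATING
sample_updating | advisory_applied FreeBSD-SA-02:30.ktrace
sample_updating | patch_level
```

On the quoted excerpt this finds the ktrace entry (dated 20020711, with no patch tag of its own) in a tree whose recorded patch level is p2.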
