From owner-freebsd-security Wed May 15 18:17:14 2002
Message-ID: <063e01c1fc77$627cfa30$0301a8c0@mikeyg>
From: "Mike Grissom"
References: <4.3.2.7.2.20020515153739.030e5740@nospam.lariat.org>
Subject: Re: Patch/Announcement for DHCPD remote root hole?
Date: Wed, 15 May 2002 18:17:01 -0700

Admins do not have to use CVSUP in order to patch the system. If you look on
the security advisories at the freebsd site, it tells you how to patch a
current system and the exact steps how to do it. For example the stdio
advisory:

2) To patch your present system:

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
http://www.freebsd.org/handbook/kernelconfig.html and reboot the
system.

----- Original Message -----
From: "Brett Glass"
Sent: Wednesday, May 15, 2002 2:45 PM
Subject: RE: Patch/Announcement for DHCPD remote root hole?

> At 03:31 PM 5/15/2002, Michael Lafreniere wrote:
>
> >CVS is a programming AND admin tool.
>
> Only for admins that are willing to risk problems on mission-critical
> systems. One should not blindly do updates, and certainly not with
> cron.
>
> >I don't wanna be an arse but I've been following this list for over 6
> >months now and you seem to get stuck on the same issues over and over
> >again. Even after you've gotten good solid answers.
>
> Those "answers" were not solid. In fact, they were not really answers at all.
>
> They were a combination of elitist remarks (e.g. "Anyone who doesn't
> use CVSup is a lamer") and poor excuses. It's sad that these vocal
> few seem to have forgotten what it was like to be a new user of UNIX and
> FreeBSD. Or that they lack the ethical compass to recognize that allowing
> FreeBSD to install, by default, with open remote root holes and not warning
> the user is simply WRONG.
>
> The excuses I've heard here are almost as bad as the excuses Microsoft
> makes for refusing to reveal and patch security holes.
>
> It's sadder still that the flamers have pushed many of those who support
> the ideas I'm expressing here into private mail because they don't want
> to be flamed.
>
> --Brett
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
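
Steps a) and b) of the advisory quoted in the message above, as an added example that is not part of the thread or of the FreeBSD advisory: a POSIX sh function that refuses to run `patch` unless the detached signature verifies and the patch applies cleanly in a dry run. The function name, the return codes and the `VERIFY` override are assumptions made for this sketch; it also assumes the signer's public key is already in the local GnuPG keyring.

```shell
#!/bin/sh
# Added example: apply a source patch only if its detached signature verifies.
# Assumption: the signer's public key is already in the local GnuPG keyring
# and its fingerprint was checked out of band.

# VERIFY is a hypothetical override so the gate can be exercised without a
# keyring; by default it is the real check, `gpg --verify SIG FILE`.
: "${VERIFY:=gpg --verify}"

# apply_verified_patch PATCH SIG SRCDIR
# Returns 0 = applied, 2 = missing input, 3 = signature not verified,
#         4 = dry run failed (tree left untouched), 5 = apply failed.
apply_verified_patch() {
    patch_file=$1
    sig_file=$2
    src_dir=$3

    if [ ! -s "$patch_file" ] || [ ! -s "$sig_file" ] || [ ! -d "$src_dir" ]; then
        return 2
    fi

    # Detached signature first, signed data second. gpg exits non-zero for a
    # bad signature and for a signature made by a key it does not have.
    $VERIFY "$sig_file" "$patch_file" >/dev/null 2>&1 || return 3

    # Dry run first so a half-applied patch never lands in the source tree.
    # The redirection is opened before the cd, so relative paths still work.
    ( cd "$src_dir" && patch --dry-run >/dev/null 2>&1 ) < "$patch_file" || return 4

    # Same invocation as step b) of the advisory: cd to the tree, patch < file.
    ( cd "$src_dir" && patch >/dev/null 2>&1 ) < "$patch_file" || return 5
}

# Stand-alone use: sh script.sh /path/to/patch /path/to/patch.asc /usr/src
if [ "$#" -eq 3 ]; then
    apply_verified_patch "$@"
fi
```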