From owner-freebsd-arch@FreeBSD.ORG Sun Oct 6 11:18:52 2013 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 1B386BD for ; Sun, 6 Oct 2013 11:18:52 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id D297224E8 for ; Sun, 6 Oct 2013 11:18:51 +0000 (UTC) Received: from nine.des.no (smtp.des.no [194.63.250.102]) by smtp-int.des.no (Postfix) with ESMTP id EEC026027; Sun, 6 Oct 2013 11:18:50 +0000 (UTC) Received: by nine.des.no (Postfix, from userid 1001) id 948515199F; Sun, 6 Oct 2013 13:18:54 +0200 (CEST) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Peter Wemm Subject: Re: Userland patch level References: <8661tbsi40.fsf@nine.des.no> <52507F4A.1050707@wemm.org> Date: Sun, 06 Oct 2013 13:18:54 +0200 In-Reply-To: <52507F4A.1050707@wemm.org> (Peter Wemm's message of "Sat, 05 Oct 2013 14:06:18 -0700") Message-ID: <86hacuprz5.fsf@nine.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-arch@freebsd.org X-BeenThere: freebsd-arch@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Discussion related to FreeBSD architecture List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Oct 2013 11:18:52 -0000 Peter Wemm writes: > IMHO, promoting the parsing strings like this is fraught with danger. The > canonical one-true-version is __FreeBSD_version, I'd much rather encourage > people to refer to that, and it is available in newvers.sh in the same way > that you're building it now. The kernel and userland versions do not necessarily match, even in supported configurations. newvers.sh is not necessarily available at run time. > freebsd-version.sh.in seems fragile as presented. It's missing > loader.conf.local parsing, hardcodes the assumption that you use /boot > (vs /efi), etc. I wasn't aware of loader.conf.local. I'll add support for it. I don't know anything about efi. As for hardcoding assumptions: like the man page says, this is a *best effort* which is intended to work in the common case, i.e. either "make buildworld buildkernel installworld installkernel" from a clean, consistent tree or "freebsd-update fetch install". > The usage string has a -i option that doesn't seem to exist. Thanks, I'll fix that. > Secteam does bump the osreldate for patch releases, right? We bump newvers.sh. > Woudn't that be sufficient for userland audit tools to reliably > identify vulnerable userlands? No. I don't particularly enjoy answering the same questions over and over again. If you have any more questions, please read one of the previous threads on this subject and / or the minutes from the security session at the Malta summit. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no