Date: Sat, 05 Oct 2013 20:11:27 +0200 From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no> To: arch@freebsd.org Subject: Userland patch level Message-ID: <8661tbsi40.fsf@nine.des.no>
next in thread | raw e-mail | index | archive | help
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
The attached patch adds a shell script, /libexec/freebsd-version, which
has the current version patch level hardcoded and prints them when run.
It can also be used to extract the version and patch level from the
installed kernel, even before rebooting after an upgrade. The goal is
to be able to correctly determine the userland version in situations
where it does not match what the running kernel reports, which is
commonly the case when using freebsd-update or when running inside a
jail. In the long run, this will make it possible for `pkg audit` and
similar tools to correctly report a vulnerable userland.
DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no
--=-=-=
Content-Type: text/x-patch; charset=utf-8
Content-Disposition: attachment; filename=freebsd-version.diff
Content-Transfer-Encoding: quoted-printable
Index: libexec/Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- libexec/Makefile (revision 256063)
+++ libexec/Makefile (working copy)
@@ -8,6 +8,7 @@
bootpd \
${_comsat} \
fingerd \
+ freebsd-version \
ftpd \
getty \
${_mail.local} \
Index: libexec/freebsd-version/Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- libexec/freebsd-version/Makefile (revision 0)
+++ libexec/freebsd-version/Makefile (working copy)
@@ -0,0 +1,20 @@
+# $FreeBSD$
+
+SCRIPTS =3D freebsd-version
+MAN =3D freebsd-version.1
+CLEANFILES =3D freebsd-version.sh
+NEWVERS =3D ${.CURDIR}/../../sys/conf/newvers.sh
+
+freebsd-version.sh.in: ${NEWVERS}
+freebsd-version.sh: freebsd-version.sh.in
+ eval $$(egrep '^(TYPE|REVISION|BRANCH)=3D' ${NEWVERS}) ; \
+ if ! sed -e "\
+ s/@@TYPE@@/$${TYPE}/g; \
+ s/@@REVISION@@/$${REVISION}/g; \
+ s/@@BRANCH@@/$${BRANCH}/g; \
+ " ${.ALLSRC} >${.TARGET} ; then \
+ rm -f ${.TARGET} ; \
+ exit 1 ; \
+ fi
+
+.include <bsd.prog.mk>
Property changes on: libexec/freebsd-version/Makefile
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+Id
\ No newline at end of property
Index: libexec/freebsd-version/freebsd-version.1
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- libexec/freebsd-version/freebsd-version.1 (revision 0)
+++ libexec/freebsd-version/freebsd-version.1 (working copy)
@@ -0,0 +1,124 @@
+.\"-
+.\" Copyright (c) 2013 Dag-Erling Sm=C3=B8rgrav
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PUR=
POSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUEN=
TIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, ST=
RICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY =
WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.Dd October 5, 2013
+.Dt FREEBSD-VERSION 1
+.Os
+.Sh NAME
+.Nm freebsd-version
+.Nd print the version and patch level of the installed system
+.Sh SYNOPSIS
+.Nm
+.Op Fl ku
+.Sh DESCRIPTION
+The
+.Nm
+utility makes a best effort to determine the version and patch level
+of the installed kernel and / or userland.
+.Pp
+The following options are available:
+.Bl -tag -width Fl
+.It Fl k
+Print the version and patch level of the installed kernel.
+Unlike
+.Xr uname 1 ,
+if a new kernel has been installed but the system has not yet
+rebooted,
+.Nm
+will print the version and patch level of the new kernel.
+.It Fl u
+Print the version and patch level of the installed userland.
+These are hardcoded into
+.Nm
+during the build.
+.El
+.Pp
+If both
+.Fl k
+and
+.Fl u
+are specified,
+.Nm
+will print the kernel version first, then the userland version, on
+separate lines.
+If neither is specified, it will print the userland version only.
+.Sh IMPLEMENTATION NOTES
+The
+.Nm
+utility should provide the correct answer in the vast majority of
+cases, including on systems kept up-to-date using
+.Xr freebsd-update 8 ,
+which does not update the kernel version unless the kernel itself was
+affected by the latest patch.
+.Pp
+To determine the name (and hence the location) of a custom kernel, the
+.Nm
+utility will attempt to parse
+.Pa /boot/defaults/loader.conf
+and
+.Pa /boot/loader.conf ,
+looking for definitions of the
+.Va kernel
+and
+.Va bootfile
+variables, both with a default value of
+.Dq kernel .
+It may however fail to locate the correct kernel if either or both of
+these variables are defined in a non-standard location, such as in
+.Pa /boot/loader.rc .
+.Sh ENVIRONMENT
+.Bl -tag -width ROOT
+.It Ev ROOT
+Path to the root of the filesystem in which to look for
+.Pa loader.conf
+and the kernel.
+.El
+.Sh EXAMPLES
+To determine the version of the currently running userland:
+.Bd -literal -offset indent
+/libexec/freebsd-version -u
+.Ed
+.Pp
+To inspect a system being repaired using a live CD:
+.Bd -literal -offset indent
+mount -rt ufs /dev/ada0p2 /mnt
+env ROOT=3D/mnt /mnt/libexec/freebsd-version -ku
+.Ed
+.Sh SEE ALSO
+.Xr uname 1 ,
+.Xr loader.conf 5 ,
+.Xr freebsd-version 8
+.Sh HISTORY
+The
+.Nm
+command appeared in
+.Fx 10.0 .
+.Sh AUTHORS
+The
+.Nm
+utility and this manual page were written by
+.An Dag-Erling Sm\(/orgrav Aq des@FreeBSD.org .
Property changes on: libexec/freebsd-version/freebsd-version.1
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=3D%H
\ No newline at end of property
Index: libexec/freebsd-version/freebsd-version.sh.in
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- libexec/freebsd-version/freebsd-version.sh.in (revision 0)
+++ libexec/freebsd-version/freebsd-version.sh.in (working copy)
@@ -0,0 +1,126 @@
+#!/bin/sh
+#-
+# Copyright (c) 2013 Dag-Erling Sm=C3=B8rgrav
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPO=
SE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTI=
AL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRI=
CT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+set -e
+
+USERLAND_VERSION=3D"@@REVISION@@-@@BRANCH@@"
+
+LOADER_DEFAULTS=3D"/boot/defaults/loader.conf"
+LOADER_CONF=3D"/boot/loader.conf"
+LOADER_RE1=3D'^\([A-Z_a-z][0-9A-Z_a-z]*=3D[-./0-9A-Z_a-z]\{1,\}\).*$'
+LOADER_RE2=3D'^\([A-Z_a-z][0-9A-Z_a-z]*=3D"[-./0-9A-Z_a-z]\{1,\}"\).*$'
+KERNEL_RE=3D'^@(#)@@TYPE@@ \([-.0-9A-Za-z]\{1,\}\) .*$'
+
+progname=3D$(basename $0)
+
+#
+# Print an error message and exit.
+#
+error() {
+ echo "$progname: $*" >&2
+ exit 1
+}
+
+#
+# Try to get the name of the installed kernel from loader.conf and
+# return the full path. If loader.conf does not exist or we could not
+# read it, return the path to the default kernel.
+#
+kernel_file() {
+ eval $(sed -n "s/$LOADER_RE1/\\1;/p; s/$LOADER_RE2/\\1;/p" \
+ $ROOT$LOADER_DEFAULTS $ROOT$LOADER_CONF \
+ 2>/dev/null)
+ echo "$ROOT/boot/${kernel:-kernel}/${bootfile:-kernel}"
+}
+
+#
+# Extract the kernel version from the installed kernel.
+#
+kernel_version() {
+ kernfile=3D$(kernel_file)
+ if [ ! -f "$kernfile" -o ! -r "$kernfile" ] ; then
+ error "unable to locate kernel"
+ fi
+ strings "$kernfile" | sed -n "s/$KERNEL_RE/\\1/p"
+}
+
+#
+# Print the hardcoded userland version.
+#
+userland_version() {
+ echo $USERLAND_VERSION
+}
+
+#
+# Print a usage string and exit.
+#
+usage() {
+ echo "usage: $progname [-iku]\n" >&2
+ exit 1
+}
+
+#
+# Main program.
+#
+main() {
+ # parse command-line arguments
+ while getopts "ku" option ; do
+ case $option in
+ k)
+ opt_k=3D1
+ ;;
+ u)
+ opt_u=3D1
+ ;;
+ *)
+ usage
+ ;;
+ esac
+ done
+ if [ $OPTIND -le $# ] ; then
+ usage
+ fi
+
+ # default is -u
+ if [ $((opt_k + opt_u)) -eq 0 ] ; then
+ opt_u=3D1
+ fi
+
+ # print kernel version
+ if [ $opt_k ] ; then
+ kernel_version
+ fi
+
+ # print userland version
+ if [ $opt_u ] ; then
+ userland_version
+ fi
+}
+
+main "$@"
Property changes on: libexec/freebsd-version/freebsd-version.sh.in
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+FreeBSD=3D%H
\ No newline at end of property
--=-=-=--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8661tbsi40.fsf>