Date: Sat, 1 Oct 2011 21:48:21 +0200
From: Eirik Øverby <ltning@anduin.net>
To: Doug Barton <dougb@FreeBSD.org>
Cc: freebsd-security@freebsd.org, Mike Brown <mike@skew.org>, Eitan Adler <lists@eitanadler.com>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-11:05.unix
Message-ID: <808B16DD-6AC6-438D-B2AE-895C5875EFC5@anduin.net>
In-Reply-To: <4E86A12E.3070600@FreeBSD.org>
References: <201110010410.p914Ap3F001617@chilled.skew.org> <4E86A12E.3070600@FreeBSD.org>

On Oct 1, 2011, at 07:12, Doug Barton wrote:

> On 09/30/2011 21:10, Mike Brown wrote:
>> Eitan Adler wrote:
>>>> do I reboot for this one, or not?
>>> The kernel is changed, so yes.
>>
>> Thanks. I had guessed a reboot was needed, but the advisory only mentioned a
>> reboot in the context of building the kernel from sources. Hopefully, when a
>> reboot is required, future advisories will mention it in the freebsd-update(8)
>> instructions.
>
> When would a reboot not be needed for a kernel change?

Try this: When freebsd-update doesn't actually tell you to reboot.

I would expect freebsd-update to inform me that I need to reboot if anything in /boot (or at least /boot/kernel) was touched. In particular when /boot/kernel/kernel was touched. I know I've been told by freebsd-update to do a two-stage update in the past (freebsd-update install, reboot single-user, freebsd-update install again) - I had expected it to do the same this time, but it didn't on any of the dozen-and-a-half systems I ran it on.

When looking at the list of files changed between 8.2-RELEASE-p2 and -p3, the /boot/kernel/kernel is easily missed among them. It's easily conceivable that a system gets patched and then not rebooted for months in a case like this.

/Eirik