Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 11 Nov 2004 01:35:11 +0800
From:      Xin LI <delphij@frontfree.net>
To:        freebsd-hackers@FreeBSD.org, freebsd-security@FreeBSD.org
Subject:   Is there any way to know if userland is patched?
Message-ID:  <20041110173511.GA2940@frontfree.net>

next in thread | raw e-mail | index | archive | help

--45Z9DzgjV8m4Oswq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Dear folks,

I'm recently investigating large scale deployment and upgrading FreeBSD
RELEASE.  It's our tradition to bump "RELEASE-pN" after a security patch
is applied, however, it seems that there is less method to determine
whether the userland is patched, which is somewhat important for large
site managements.

So is "uname -sr" the only way to differencate the patchlevel of a security
branch?  I have read Colin's freebsd-update script and to my best of
knowledge this is the only way (and, on condition that we have re-compiled
the kernel and installed it, and reboot'ed).  Given the nature of a security
or errata branch, we can expect that no API/ABI changes will occour and it
should be safe to do make installworld/installkernel in any order, and bump=
ing
patchlevel does not mean that a reboot must be done.

Please correct me if I was wrong, thanks.

Cheers,
--=20
Xin LI <delphij frontfree net>	http://www.delphij.net/
See complete headers for GPG key and other information.


--45Z9DzgjV8m4Oswq
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)

iD8DBQFBklFP/cVsHxFZiIoRArNMAJoDQ8xvgqMxDxlw3A8UtWMF1Wrg3gCePf52
1pfxXnFZvhYmn0saK1iOh88=
=h7f6
-----END PGP SIGNATURE-----

--45Z9DzgjV8m4Oswq--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041110173511.GA2940>