From owner-freebsd-hackers@FreeBSD.ORG Wed Nov 10 17:35:35 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E2D3D16A4CE for ; Wed, 10 Nov 2004 17:35:35 +0000 (GMT) Received: from mail.freebsd.org.cn (dns3.freebsd.org.cn [61.129.66.75]) by mx1.FreeBSD.org (Postfix) with SMTP id 89F9A43D1F for ; Wed, 10 Nov 2004 17:35:30 +0000 (GMT) (envelope-from delphij@frontfree.net) Received: (qmail 43970 invoked by uid 0); 10 Nov 2004 17:29:59 -0000 Received: from unknown (HELO beastie.frontfree.net) (219.239.98.7) by mail.freebsd.org.cn with SMTP; 10 Nov 2004 17:29:59 -0000 Received: from localhost (localhost.frontfree.net [127.0.0.1]) by beastie.frontfree.net (Postfix) with ESMTP id E8B651322EB; Thu, 11 Nov 2004 01:35:22 +0800 (CST) Received: from beastie.frontfree.net ([127.0.0.1]) by localhost (beastie.frontfree.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02460-10; Thu, 11 Nov 2004 01:35:12 +0800 (CST) Received: by beastie.frontfree.net (Postfix, from userid 1001) id E2C0513207D; Thu, 11 Nov 2004 01:35:11 +0800 (CST) Date: Thu, 11 Nov 2004 01:35:11 +0800 From: Xin LI To: freebsd-hackers@FreeBSD.org, freebsd-security@FreeBSD.org Message-ID: <20041110173511.GA2940@frontfree.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="45Z9DzgjV8m4Oswq" Content-Disposition: inline User-Agent: Mutt/1.4.2.1i X-GPG-key-ID/Fingerprint: 0xCAEEB8C0 / 43B8 B703 B8DD 0231 B333 DC28 39FB 93A0 CAEE B8C0 X-GPG-Public-Key: http://www.delphij.net/delphij.asc X-Operating-System: FreeBSD beastie.frontfree.net 5.3-delphij FreeBSD 5.3-delphij #11: Tue Oct 26 14:12:03 CST 2004 delphij@beastie.frontfree.net:/usr/obj/usr/src/sys/BEASTIE i386 X-URL: http://www.delphij.net X-By: delphij@beastie.frontfree.net X-Location: Beijing, China X-Virus-Scanned: by amavisd-new at frontfree.net Subject: Is there any way to know if userland is patched? X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Nov 2004 17:35:36 -0000 --45Z9DzgjV8m4Oswq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Dear folks, I'm recently investigating large scale deployment and upgrading FreeBSD RELEASE. It's our tradition to bump "RELEASE-pN" after a security patch is applied, however, it seems that there is less method to determine whether the userland is patched, which is somewhat important for large site managements. So is "uname -sr" the only way to differencate the patchlevel of a security branch? I have read Colin's freebsd-update script and to my best of knowledge this is the only way (and, on condition that we have re-compiled the kernel and installed it, and reboot'ed). Given the nature of a security or errata branch, we can expect that no API/ABI changes will occour and it should be safe to do make installworld/installkernel in any order, and bump= ing patchlevel does not mean that a reboot must be done. Please correct me if I was wrong, thanks. Cheers, --=20 Xin LI http://www.delphij.net/ See complete headers for GPG key and other information. --45Z9DzgjV8m4Oswq Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFBklFP/cVsHxFZiIoRArNMAJoDQ8xvgqMxDxlw3A8UtWMF1Wrg3gCePf52 1pfxXnFZvhYmn0saK1iOh88= =h7f6 -----END PGP SIGNATURE----- --45Z9DzgjV8m4Oswq--