Is there any way to know if userland is patched?
Xin LI
delphij at frontfree.net
Wed Nov 10 09:35:36 PST 2004
Dear folks,
I'm recently investigating large scale deployment and upgrading FreeBSD
RELEASE. It's our tradition to bump "RELEASE-pN" after a security patch
is applied, however, it seems that there is less method to determine
whether the userland is patched, which is somewhat important for large
site managements.
So is "uname -sr" the only way to differencate the patchlevel of a security
branch? I have read Colin's freebsd-update script and to my best of
knowledge this is the only way (and, on condition that we have re-compiled
the kernel and installed it, and reboot'ed). Given the nature of a security
or errata branch, we can expect that no API/ABI changes will occour and it
should be safe to do make installworld/installkernel in any order, and bumping
patchlevel does not mean that a reboot must be done.
Please correct me if I was wrong, thanks.
Cheers,
--
Xin LI <delphij frontfree net> http://www.delphij.net/
See complete headers for GPG key and other information.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20041111/2e799244/attachment.bin
More information about the freebsd-hackers
mailing list