Patches in FreeBSD

Jerry McAllister jerrymc at msu.edu
Mon Feb 26 21:28:08 UTC 2007 

On Mon, Feb 26, 2007 at 02:11:48PM -0600, Dan Nelson wrote:

> In the last episode (Feb 26), Jerry said:
> > I am being forced to use something besides FreeBSD - probably Susie
> > or Red Hat Linux for the base of a server system.  The primary reason
> > given is that when security issues come along, FreeBSD has no way of
> > patching the running system, but rather requires rebuilding the
> > system - CVSUP, make, install, etc whereas Susie and Red Hat can be
> > patched on the fly.  I presume this means kernel type security stuff
> > rather than concerns about third party software.
> 
> FreeBSD can be patched on the fly just as easily as Linux.  In both
> cases: Kernel fixes require a reboot.  Fixes to running deamons require
> them to be restarted.  Fixes to shared libraries require all running
> programs using them to be restarted (usually simpler to just reboot).
> 
> YAST/up2date/whatever may automatically restart daemons (I know apt-get
> in Debian does), but for something like a libc update, the fact that
> the file is delivered via an RPM versus a "make install" step doesn't
> save you from a reboot.

I rather thought that, but wasn't informed enough at the time to
make an argument.  

This will take some diplomacy around here, but, this is helpful.

Thanks,

////jerry

>  
> > My question is:   How do I respond to this? I have seen the word
> > patch used in security update messages - but didn't follow that path. 
> > Is that real?  Does it cover kernel things essentially on the fly or
> > is a 'time consuming' rebuild still needed?
> 
> A patch lets you fix the problem listed in the security advisory
> without necessarily having to do a full buildworld.  The SA-07:02.bind
> advisory, for example, gives instructions on how to patch, rebuild,
> install, and restart named.
> 
> -- 
> 	Dan Nelson
> 	dnelson at allantgroup.com
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list