FreeBSD 4.x EoL

Paul Allen nospam at
Thu Oct 19 18:15:51 PDT 2006

>From Robert Watson <rwatson at>, Fri, Oct 20, 2006 at 12:51:13AM +0100:
> On Tue, 17 Oct 2006, security wrote:
> >  You'll have the sources.  If you're using 4.11 in a business, you need 
> >  to decide if it's more cost effective to move on to 6 or hire someone to 
> >keep 4.11 running.  There's compat_4 to keep most userland apps happy.  
> >I'm sure you could argue the various design issues to your hearts content 
> >on the news groups, but practically speaking, I don't have an issue with 
> >this.  Nor is it all that different from your typical paid for support 
> >model for a proprietary OS.
> >
> >It's not like the poor folks that got stuck with a business app that was 
> >locked to win95 or 98 with bizarre undocumented API's
> While possibly not advisable in the long term, I ran a 4.x postfix and 
> cyrus server install on 6.x using compat4 for about six months without 
> problems. The place where it gets tricky is updating the 4.x binaries, 
> which requires a 4.x chroot, since I was running a native 6.x userland for 
> everything else. I've now gotten over that, but it worked quite well and 
> was extremely useful that I could avoid doing the upgrade all at once -- 
> upgrade the OS first, let it settle, then upgrade the applications.  The 
> only issue I ran into was actually that the location of the Cyrus sasl unix 
> domain socket had moved, and once I tracked that down, all was well (so not 
> a FreeBSD nit, an application nit).
Let me toss a bit of caution from experience regarding this: 

I too ran such 6.x system.  It had a jailed FreeBSD 4.x userland 
(restored and modified from the original FreeBSD 4.x backups).
Almost everything worked properly--but there were some strange vm
related inconsistencies (exposed by a program rolling its own
gc implementation and using mprotect and SEGV).

Obviously this was an unusual case but it's unfortuantely proof that
some things escape having the necessary compat lines in your kernel

Still I counted myself lucky.


More information about the freebsd-security mailing list