Userland patch level
Dag-Erling Smørgrav
des at des.no
Sun Oct 6 11:18:52 UTC 2013
Peter Wemm <peter at wemm.org> writes:
> IMHO, promoting the parsing strings like this is fraught with danger. The
> canonical one-true-version is __FreeBSD_version, I'd much rather encourage
> people to refer to that, and it is available in newvers.sh in the same way
> that you're building it now.
The kernel and userland versions do not necessarily match, even in
supported configurations.
newvers.sh is not necessarily available at run time.
> freebsd-version.sh.in seems fragile as presented. It's missing
> loader.conf.local parsing, hardcodes the assumption that you use /boot
> (vs /efi), etc.
I wasn't aware of loader.conf.local. I'll add support for it.
I don't know anything about efi.
As for hardcoding assumptions: like the man page says, this is a *best
effort* which is intended to work in the common case, i.e. either "make
buildworld buildkernel installworld installkernel" from a clean,
consistent tree or "freebsd-update fetch install".
> The usage string has a -i option that doesn't seem to exist.
Thanks, I'll fix that.
> Secteam does bump the osreldate for patch releases, right?
We bump newvers.sh.
> Wouldn't that be sufficient for userland audit tools to reliably
> identify vulnerable userlands?
No.
I don't particularly enjoy answering the same questions over and over
again. If you have any more questions, please read one of the previous
threads on this subject and / or the minutes from the security session
at the Malta summit.
DES
--
Dag-Erling Smørgrav - des at des.no