a few questions and concepts

Jonathan Horne freebsd at dfwlp.com
Fri Apr 7 20:54:21 UTC 2006

i'm still pretty new to freebsd.  i've been playing around with the cvsup
tools, and they are quite fascinating.

i changed my production server from Fedora to FreeBSD 6.0, about 1 day
before the most recent sendmail exploit was published (well, published on
freebsd.org anyway).  i did download the patch and recompile it, but, as
some have also noted on this list, it still banners as 8.13.4 when
you telnet to it.

so, the past couple of days, i have learned to cvsup my /usr/src
directories.  i've just been using the standard copy of the stable-supfile.
i have learned that if i perform the sendmail recompile after the cvsup,
sendmail seems to proclaim 8.13.6 in the banner.  on top of that,
i have learned that if i recompile the kernel after cvsup, it no
longer says FreeBSD 6.0-RELEASE, but FreeBSD 6.1-PRERELEASE.

my questions:
1) after cvsup, i think i can assume that sendmail is now compiling from
source code that should definitely be free from the current exploit.  i
would also assume that anything that i would need to recompile from
/usr/src should also see the benefit of 'latest source code'?
2) on a production server, should i avoid recompiling a kernel that will
be FreeBSD 6.1-PRERELEASE?  on the whole, how reliable is the bulk of
these newer sources that were pulled down by cvsup?

i can definitely see the benefits of using cvsup to take care of problems
with some things (like sendmail), but allowing it to update everything
under the /usr/src tree, i'm wondering if i could be setting myself up for
issues (by not editing the stable-supfile and taking only what i need).

last, i'm also interested in hearing how some of my peers here
apply the cvsup concepts to your production servers.

thanks for reading,
Jonathan Horne
