Patches in FreeBSD

Dan Nelson dnelson at
Mon Feb 26 20:12:23 UTC 2007

In the last episode (Feb 26), Jerry said:
> I am being forced to use something besides FreeBSD - probably Susie
> or Red Hat Linux for the base of a server system.  The primary reason
> given is that when security issues come along, FreeBSD has no way of
> patching the running system, but rather requires rebuilding the
> system - CVSUP, make, install, etc whereas Susie and Red Hat can be
> patched on the fly.  I presume this means kernel type security stuff
> rather than concerns about third party software.

FreeBSD can be patched on the fly just as easily as Linux.  In both
cases: Kernel fixes require a reboot.  Fixes to running daemons require
them to be restarted.  Fixes to shared libraries require all running
programs using them to be restarted (usually simpler to just reboot).

YAST/up2date/whatever may automatically restart daemons (I know apt-get
in Debian does), but for something like a libc update, the fact that
the file is delivered via an RPM versus a "make install" step doesn't
save you from a reboot.

> My question is:   How do I respond to this? I have seen the word
> patch used in security update messages - but didn't follow that path. 
> Is that real?  Does it cover kernel things essentially on the fly or
> is a 'time consuming' rebuild still needed?

A patch lets you fix the problem listed in the security advisory
without necessarily having to do a full buildworld.  The SA-07:02.bind
advisory, for example, gives instructions on how to patch, rebuild,
install, and restart named.

	Dan Nelson
	dnelson at
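
Added example, not part of the original post: a check for the Linux side of the comparison above that finds processes still executing a daemon binary or shared library that has since been replaced on disk, i.e. the ones that need a restart after patching. It assumes the Linux `/proc/<pid>/maps` format, where a mapping whose file was unlinked by the update is suffixed with ` (deleted)`; the sample map contents, PIDs and paths are constructed.

```python
import re

# Constructed sample /proc/<pid>/maps contents (Linux format), not real output.
SAMPLE_MAPS = {
    812: (  # daemon still mapping the old libc after an update
        "55d0c7a00000-55d0c7a2c000 r-xp 00000000 08:01 131 /usr/sbin/named\n"
        "7f3a1c000000-7f3a1c1bd000 r-xp 00000000 08:01 2049 /lib/libc-2.5.so (deleted)\n"
        "7f3a1c3c0000-7f3a1c3c4000 rw-p 001c0000 08:01 2049 /lib/libc-2.5.so (deleted)\n"
    ),
    990: (  # process started after the update: nothing stale
        "55e1aa000000-55e1aa010000 r-xp 00000000 08:01 140 /usr/sbin/cron\n"
        "7f9b10000000-7f9b101bd000 r-xp 00000000 08:01 3071 /lib/libc-2.5.so\n"
        "7f9b10400000-7f9b10421000 rw-p 00000000 00:00 0 [heap]\n"
    ),
    1204: (  # daemon whose own binary was replaced
        "55f2bb000000-55f2bb040000 r-xp 00000000 08:01 150 /usr/sbin/sshd (deleted)\n"
        "7f1c20000000-7f1c201bd000 r-xp 00000000 08:01 3071 /lib/libc-2.5.so\n"
    ),
}

# address-range perms offset dev inode pathname (file-backed mappings only)
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s+(?P<path>/.*)$"
)
DELETED = " (deleted)"

def stale_mappings(maps_text):
    """Return sorted paths of replaced files still mapped executable."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue  # anonymous mappings, [heap], [stack], malformed lines
        path = m.group("path")
        # Only executable mappings of files that no longer exist on disk.
        if path.endswith(DELETED) and "x" in m.group("perms"):
            stale.add(path[: -len(DELETED)])
    return sorted(stale)

def needs_restart(maps_by_pid):
    """Map each PID to the stale files it still runs; clean PIDs are omitted."""
    result = {pid: stale_mappings(text) for pid, text in maps_by_pid.items()}
    return {pid: paths for pid, paths in result.items() if paths}

if __name__ == "__main__":
    for pid, paths in sorted(needs_restart(SAMPLE_MAPS).items()):
        print(f"pid {pid} needs restart: {', '.join(paths)}")
```

On a live Linux host the same functions can be fed the text of each readable `/proc/<pid>/maps` file in place of `SAMPLE_MAPS`.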
