Patches in FreeBSD
jerrymc at msu.edu
Mon Feb 26 21:28:08 UTC 2007
On Mon, Feb 26, 2007 at 02:11:48PM -0600, Dan Nelson wrote:
> In the last episode (Feb 26), Jerry said:
> > I am being forced to use something besides FreeBSD - probably Susie
> > or Red Hat Linux for the base of a server system. The primary reason
> > given is that when security issues come along, FreeBSD has no way of
> > patching the running system, but rather requires rebuilding the
> > system - CVSUP, make, install, etc whereas Susie and Red Hat can be
> > patched on the fly. I presume this means kernel type security stuff
> > rather than concerns about third party software.
> FreeBSD can be patched on the fly just as easily as Linux. In both
> cases: Kernel fixes require a reboot. Fixes to running deamons require
> them to be restarted. Fixes to shared libraries require all running
> programs using them to be restarted (usually simpler to just reboot).
> YAST/up2date/whatever may automatically restart daemons (I know apt-get
> in Debian does), but for something like a libc update, the fact that
> the file is delivered via an RPM versus a "make install" step doesn't
> save you from a reboot.
I rather thought that, but wasn't informed enough at the time to
make an argument.
This will take some diplomacy around here, but, this is helpful.
> > My question is: How do I respond to this? I have seen the word
> > patch used in security update messages - but didn't follow that path.
> > Is that real? Does it cover kernel things essentially on the fly or
> > is a 'time consuming' rebuild still needed?
> A patch lets you fix the problem listed in the security advisory
> without necessarily having to do a full buildworld. The SA-07:02.bind
> advisory, for example, gives instructions on how to patch, rebuild,
> install, and restart named.
> Dan Nelson
> dnelson at allantgroup.com
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions