Running i386 binaries on amd64

Oliver Fromme olli at lurza.secnetix.de
Tue May 16 09:19:32 UTC 2006


Kövesdán Gábor <gabor.kovesdan at t-hosting.hu> wrote:
 > I really don't want to flame about this, but I'm curious what others 
 > think about this topic, because I'm very convinced that the use of the 
 > release tag is strongly discouraged after the release.

I tend to agree.

The original poster wrote that he already has 6.1-Release
installed, so "upgrading" with RELENG_6_1_0_RELEASE doen't
make sense at all, because it won't change a bit.

Staying with the release tag might be en highly dangerous.
Look at the CERT advisories that have been published since
6.0 has been release.  All of them have been addressed in
RELENG_6_0.  It is therefore a good thing to give the
generic advice to follow RELENG_6_X (where X is now 1).

Of course, there are always very special cases with very
special requirements.  But those are in the minority, and
people having those requirements know very well themselves
what tag they should use for upgrading (if upgrading is
possible at all).  Those should not prevent us from giving
the general good advice of following the security branch,
or even the RELENG_6 "stable" branch if critical fixes
(not security-related) are an issue, too.

(Personally I'm running RELENG_6 on my machine at home
since it started to exist about one year ago, updating
every few weeks, with zero problems.)

By the way:  There are also security holes which affect
machines that are _not_ connected to the internet, for
example the recently discovered FPU state bug on AMD
processors, or the information leak on hyperthreading
(intel) processors.  Both of them can be exploited so
that processes can obtain priviledged information, or
even gain increased priviledges.  Of course, there might
be machines where it doesn't matter if every process can
have root priviledges.  But that's certainly not very
common.  If you run a UNIX system, you usually want to
take advantage of having different users and groups, and
maybe even advanced features such as the new MAC labels
and policies.

Just my 2 cents.

Best regards
   Oliver

PS:  Uhm ...  Shouldn't this be redirected to freebsd-chat?

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"Python is an experiment in how much freedom programmers need.
Too much freedom and nobody can read another's code; too little
and expressiveness is endangered."
        -- Guido van Rossum


More information about the freebsd-amd64 mailing list