FreeBSD Security Advisory FreeBSD-SA-05:21.openssl

Mars G. Miro marsgmiro at gmail.com
Tue Oct 11 06:58:32 PDT 2005


> unfortunately, this is the dark side of FreeBSD security patch
> management :)  and I think also the main reason FreeBSD isn't so widely
> deployed into enterprise environments. It's ok for hacking or managing
> few boxes but try to imagine how to manage security on hundreds of them
> this way. :(

> on the other side (bright side :) you can try to use unofficial and
> often somewhat slowly updating solutions such as bsdupdate
> (www.bsdupdates.com) or freebsd-update (from ports tree).

> currently, FreeBSD just don't have a mechanism to handle security
> advisories in quick way.

> any suggestions/corrections ?

> j.


You can always designate a build box and NFS share /usr/obj and
/usr/src and have the other FreeBSD boxens mount this and then do an
install{world/kernel}

jimmy at inet-solutions.be wrote:
> Quoting FreeBSD Security Advisories <security-advisories at freebsd.org>:
>
>
>>=============================================================================
>>FreeBSD-SA-05:21.openssl                                    Security Advisory
>>                                                          The FreeBSD Project
>
> [..]
>
>>c) Recompile the operating system as described in
>><URL:
>>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >.
>
>
> Is there any reason why one would need to compile the whole operating system?
> I can understand that static linked apps need to be recompiled, but which
> are there actually any at all (and linked against openssl)?
>
> Kind regards,
> Jimmy Scott
>
> ----------------------------------------------------------------
> This message has been sent through ihosting.be
> To report spamming or other unaccepted behavior
> by a iHosting customer, please send a message
> to abuse at ihosting.be
> ----------------------------------------------------------------
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>


cheers
mars


More information about the freebsd-security mailing list