FreeBSD Security Advisory FreeBSD-SA-11:05.unix
Eirik Øverby
ltning at anduin.net
Sat Oct 1 20:05:32 UTC 2011
On Oct 1, 2011, at 07:12, Doug Barton wrote:
> On 09/30/2011 21:10, Mike Brown wrote:
>> Eitan Adler wrote:
>>>> do I reboot for this one, or not?
>>> The kernel is changed, so yes.
>>
>> Thanks. I had guessed a reboot was needed, but the advisory only mentioned a
>> reboot in the context of building the kernel from sources. Hopefully, when a
>> reboot is required, future advisories will mention it in the freebsd-update(8)
>> instructions.
>
> When would a reboot not be needed for a kernel change?
Try this: When freebsd-update doesn't actually tell you to reboot.
I would expect freebsd-update to inform me that I need to reboot if anything in /boot (or at least /boot/kernel) was touched. In particular when /boot/kernel/kernel was touched. I know I've been told by freebsd-update to do a two-stage update in the past (freebsd-update install, reboot single-user, freebsd-update install again) - I had expected it to do the same this time, but it didn't on any of the dozen-and-a-half systems I ran it on.
When looking at the list of files changed between 8.2-RELEASE-p2 and -p3, the /boot/kernel/kernel is easily missed among them. It's easily concieveable that a system gets patched and then not rebooted for months in a case like this.
/Eirik
More information about the freebsd-security
mailing list