FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver

Brett Glass brett at lariat.org
Tue Apr 30 19:37:04 UTC 2013


This is one of several reasons why one would expect freebsd-update(8) to be
considerate of a custom kernel: it is documented as knowing about
/boot/GENERIC as the place to put he GENERIC kernel if one builds a
custom one.

Also, I don't think that freebsd-update(8) should, in the course of a normal
update, create a situation where the system is not be able to reboot. This
would have been the case with the system I updated, had I not 
caught the problem.

I daresay that a system that stops working after a routine update 
is a violation
of POLA. ;-)

In my case, the GENERIC kernel was installed in place of the custom 
one, without
modules the system needed -- in either loadable or built-in form. It's easy to
prevent this by modifying /boot/GENERIC (which freebsd-update is 
supposed to know
about) instead of overwriting the custom kernel... and then advising the
administrator that a new build might be needed.

--Brett Glass

At 10:26 AM 4/30/2013, Chris Rees wrote:

>I agreed with Glen, but when checking the docs it turns out that they say
>that freebsd-update will detect a kernel in /boot/GENERIC:
>
>http://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html
>
>Are the docs wrong, or is this only in new freebsd-update?
>
>Chris
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"



More information about the freebsd-security mailing list