Need to build some systems this week. Snapshots?
Brett Glass
brett at lariat.org
Thu Aug 28 12:54:27 PDT 2003
At 12:16 PM 8/28/2003, Colin Percival wrote:
>At 12:01 28/08/2003 -0600, Brett Glass wrote:
>>Will this fix everything that needs to be recompiled to avoid the realpath()
>>bug?
>
> Yes, that's the whole point of FreeBSD Update. Read my paper, or come to BSDCon, for details; but rest assured that if you start with a binary install from the official FTP or ISO releases, and don't recompile any of the world locally, FreeBSD Update will update any binaries which are affected by modifications in the security branch.
That's great.
What does one do about packages and ports? It appears that the binary packages on the FreeBSD servers are never updated between releases... which means that if a bug is in a package or is compiled into a package (as with the realpath problem), the FreeBSD servers keep sending out exploitable copies of that package indefinitely. The situation with ports is a bit better, but how does one know which ones to recompile and reinstall? Does your update system handle this situation and/or warn about it?
--Brett
More information about the freebsd-stable
mailing list