Re: FreeBSD Security Advisory FreeBSD-SA-11:05.unix

2011/10/1 Eirik =D8verby <ltning@anduin.net>:
> On Oct 1, 2011, at 07:12, Doug Barton wrote:
>
>> On 09/30/2011 21:10, Mike Brown wrote:
>>> Eitan Adler wrote:
>>>>> do I reboot for this one, or not?
>>>> The kernel is changed, so yes.
>>>
>>> Thanks. I had guessed a reboot was needed, but the advisory only mentio=
ned a
>>> reboot in the context of building the kernel from sources. Hopefully, w=
hen a
>>> reboot is required, future advisories will mention it in the freebsd-up=
date(8)
>>> instructions.
>>
>> When would a reboot not be needed for a kernel change?
>
> Try this: When freebsd-update doesn't actually tell you to reboot.
>
> I would expect freebsd-update to inform me that I need to reboot if anyth=
ing in /boot (or at least /boot/kernel) was touched. In particular when /bo=
ot/kernel/kernel was touched. I know I've been told by freebsd-update to do=
 a two-stage update in the past (freebsd-update install, reboot single-user=
, freebsd-update install again) - I had expected it to do the same this tim=
e, but it didn't on any of the dozen-and-a-half systems I ran it on.
>
> When looking at the list of files changed between 8.2-RELEASE-p2 and -p3,=
 the /boot/kernel/kernel is easily missed among them. It's easily concievea=
ble that a system gets patched and then not rebooted for months in a case l=
ike this.
>

Generally users are expected to pay attention to what is updated-- I
know this isn't always the easiest task, but blindly following
instructions is not something that is generally advocated in FreeBSD.

Chris
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"