Re: getting the running patch level

On 08/10/2012 11:55 PM, Chris BeHanna wrote:
> 	Split off a version.ko and update that with each patch?

There is often no need to reboot the machine unless the kernel is
affected (just restart the affected daemons). Thus the information would
not necessarily match the userland status. The userland and kernel
versions need to be kept separate because they may not match. I am often
struggling to remember if I updated some machine already or not. I now
need to compare the time stamps of newvers.sh and installed binaries to
find out.

IMHO a sensible approach would be something like what most Linux distros
do: Have some file in a standard location and put the information there
by generating that file from newvers.sh during make buildworld /
installworld". Having it only in the source tree is not sufficient as
not every machine has the source tree installed.

On LSB compliant Linux distributions the proper way to find this out is
the lsb_release command.

On many Linux distributions there is also a /etc/DISTRONAME-release file
which can be checked (for example /etc/debian-release on Debian and
/etc/redhat-release on RHEL and clones).

How about /etc/freebsd-release? Or freebsd_release command (shell
script) which takes the same flags as lsb_release?

-- 
Janne Snabb / EPIPE Communications
snabb@epipe.com - http://epipe.com/
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"