Re: FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver
On 04/30/13 19:43, Brett Glass wrote:
> When you use freebsd-update(8) in the usual manner, it fetches all of the
> source and binary updates necessary to bring the system up to the latest
> security patch level. When a userland binary is updated, it overwrites the
> source and binary. But when the kernel is updated, it moves /boot/kernel to
> /boot/kernel.old and then drops a GENERIC kernel into /boot/kernel. If
> there were no loadable modules in /boot/kernel at the start of the update,
> none are placed in /boot/kernel afterward. This is problematic, because
> the custom kernel that previously resided in /boot/kernel might have had some
> necessary modules built in... and they will not be available, either as
> compiled-in modules or as loadable modules, at the next reboot.
>
> To leave the system in a precarious state, where a power glitch could
> leave it unable to reboot, does not seem to me like a good idea. If
> /boot/GENERIC exists (which means that the administrator has built a custom
> kernel and saved the GENERIC kernel there), best to update /boot/GENERIC and
> leave the custom kernel in place, to be rebuilt if needed.
If you don't want freebsd-update to update your kernel, remove 'kernel' from
the 'Components' line in /etc/freebsd-update.conf.
--
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 17 之 19 篇):