i'm still pretty new to freebsd.  i've been playing around with the cvsup
tools, and they are quite fascinating.

i changed my production server from Fedora to FreeBSD 6.0, about 1 day
before the most recent sendmail exploit was published (well, published on
freebsd.org anyway).  i did download the patch and recompile it, but as
some have also noted on this list, it still banners as 8.13.4 when
you telnet to it.

so, the past couple of days, i have learned to cvsup my /usr/src
directories.  i've just been using the standard copy of the stable-supfile.
i have learned that if i perform the sendmail recompile after the cvsup,
sendmail seems to proclaim 8.13.6 in the banner.  on top of that,
i have learned that if i recompile the kernel after cvsup, it no
longer says FreeBSD 6.0-RELEASE, but FreeBSD 6.1-PRERELEASE.

my questions:
1) after cvsup, i think i can assume that sendmail is now compiling from
source code that should definitely be free from the current exploit.  i
would also assume that anything that i would need to recompile from
/usr/src should also see the benefit of 'latest source code'?
2) on a production server, should i avoid recompiling a kernel that will
be FreeBSD 6.1-PRERELEASE?  on the whole, how reliable is the bulk of
these newer sources that were pulled down by cvsup?

i can definitely see the benefits of using cvsup to take care of problems
with some things (like sendmail), but allowing it to update everything
under the /usr/src tree, i'm wondering if i could be setting myself up for
issues (by not editing the stable-supfile and taking only what i need).

last, i'm also interested in hearing how some of my peers here
apply the cvsup concepts to your production servers.

thanks for reading,
Jonathan Horne

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions