Per olof Ljungmark p...@intersonic.se writes:
Path to patch seems wrong?
Please see the revised advisory which was published a few hours later.
DES
--
Dag-Erling Smørgrav - d...@des.no
___
freebsd-security@freebsd.org mailing list
On 5/1/13, Brett Glass br...@lariat.org wrote:
At 08:22 PM 4/30/2013, Glen Barber wrote:
Maybe I am missing the fundamental usage of freebsd-update(8). How does
using freebsd-update(8) to fetch src/ updates install a new kernel?
When you use freebsd-update(8) in the usual manner, it fetches
Melanie Schulte m-free...@fuglos.org writes:
Could you please elaborate on that? I have also built my own kernel on
my servers and I must have missed the section in the handbook saying
that running a custom kernel implies that freebsd-update should not be
used.
Given a security problem, I
Path to patch seems wrong?
On 2013-04-29 22:55, FreeBSD Security Advisories wrote:
=
FreeBSD-SA-13:05.nfsserver Security Advisory
You are using an old version of the Security Advisory. The path
mentioned was fixed and the Security Advisory was re-released, also via
email:
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=30985+0+current/freebsd-security
Or use the link on the FreeBSD homepage to get directly to fixed version.
At 09:46 PM 4/29/2013, Glen Barber wrote:
This has _always_ been the case with freebsd-update(8).
Should it be? It seems to me that the current behavior
a) Violates POLA; and
b) Puts any system with a custom kernel at serious risk if
surgery and/or a kernel rebuild is not done prior to
On 30 Apr 2013 05:24, Glen Barber g...@freebsd.org wrote:
On Mon, Apr 29, 2013 at 10:16:43PM -0600, Brett Glass wrote:
At 09:46 PM 4/29/2013, Glen Barber wrote:
This has _always_ been the case with freebsd-update(8).
Should it be?
Yes. freebsd-update(8) does not, and cannot, know of
This is one of several reasons why one would expect freebsd-update(8) to be
considerate of a custom kernel: it is documented as knowing about
/boot/GENERIC as the place to put he GENERIC kernel if one builds a
custom one.
Also, I don't think that freebsd-update(8) should, in the course of a
On Tue, Apr 30, 2013 at 01:36:52PM -0600, Brett Glass wrote:
This is one of several reasons why one would expect freebsd-update(8) to be
considerate of a custom kernel: it is documented as knowing about
/boot/GENERIC as the place to put he GENERIC kernel if one builds a
custom one.
Let's
At 03:15 PM 4/30/2013, Glen Barber wrote:
Let's start from the beginning. What is the name of your custom kernel?
The file name of the compiled kernel? The file name of the configuration file?
Or the identification string within the kernel?
The file name is, of course, /boot/kernel/kernel.
On Tue, Apr 30, 2013 at 04:41:03PM -0600, Brett Glass wrote:
At 03:15 PM 4/30/2013, Glen Barber wrote:
Let's start from the beginning. What is the name of your custom kernel?
The file name of the compiled kernel? The file name of the configuration file?
Or the identification string within
At 04:48 PM 4/30/2013, Glen Barber wrote:
So, since I know you're not new to FreeBSD, if you feel there is a bug
somewhere, please file a PR. I disagree that there is a problem,
however, since users building a custom kernel should _not_ use
freebsd-update(8) for kernel upgrades.
Glen
I will
On Tue, Apr 30, 2013 at 07:48:50PM -0600, Brett Glass wrote:
At 04:48 PM 4/30/2013, Glen Barber wrote:
So, since I know you're not new to FreeBSD, if you feel there is a bug
somewhere, please file a PR. I disagree that there is a problem,
however, since users building a custom kernel should
Hi,
I disagree that there is a problem, however, since users building a
custom kernel should _not_ use freebsd-update(8) for kernel
upgrades.
Could you please elaborate on that? I have also built my own kernel on
my servers and I must have missed the section in the handbook saying
that
On Wed, May 01, 2013 at 04:47:48AM +0200, Melanie Schulte wrote:
Hi,
I disagree that there is a problem, however, since users building a
custom kernel should _not_ use freebsd-update(8) for kernel
upgrades.
Could you please elaborate on that? I have also built my own kernel on
my servers
On Tue, 30 Apr 2013 19:48:50 MDT Brett Glass br...@lariat.org wrote:
I will do that. BTW, I do not use freebsd-update(8) to update the kernel. But
I do need it to update the kernel sources (so I can rebuild the kernel myself)
If you are tracking just the kernel sources, you can use svn
to
On 04/30/13 19:43, Brett Glass wrote:
When you use freebsd-update(8) in the usual manner, it fetches all of the
source and binary updates necessary to bring the system up to the latest
security patch level. When a userland binary is updated, it overwrites the
source and binary. But when the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-13:05.nfsserver Security Advisory
The FreeBSD Project
Topic:
Hi,
thanks for the warning.
But the link for the source patch is not working for me:
http://security.FreeBSD.org/patches/SA-03:15/nfsserver.patch
Greetings
Michael
On Mon, 29 Apr 2013, FreeBSD Security Advisories wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Okay,
found the correct link:
http://www.freebsd.org/security/patches/SA-13:05/nfsserver.patch
http://www.freebsd.org/security/patches/SA-13:05/nfsserver.patch.asc
Just a wrong SA number in the url. ;-)
Greetings
Michael
On Mon, 29 Apr 2013, FreeBSD Security Advisories wrote:
-BEGIN
Michael Schnell s-...@s-tlk.org writes:
Just a wrong SA number in the url. ;-)
Correct. We will release a revised SA in a short while. I apologize
for the mistake.
DES
--
Dag-Erling Smørgrav - d...@des.no
___
freebsd-security@freebsd.org mailing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-13:05.nfsserver Security Advisory
The FreeBSD Project
Topic:
FreeBSD Security Advisories wrote:
To determine which implementation an NFS server is running, run the
following command:
# kldstat -v | grep -cw nfsd
This will print 1 if the system is running the new NFS implementation,
and 0 otherwise.
It output 2 on my 9.1-RELEASE-p2 with new NFSD as
Dan Lukes d...@obluda.cz writes:
Someone may be confused by non 0/1 result not catched in advisory.
Either
kldstat -v | grep -wc nfsd.ko
or
kldstat | grep -wc nfsd
should be used instead the command recommended in advisory to obtain 0/1
result.
If NFS is compiled in, both of these will
Kevin Day toa...@dragondata.com writes:
Can someone clarify if this is exploitable only from hosts/networks
allowed in /etc/exports? i.e. if exports would not allow an attacker
to mount a filesystem, would they still be able to exploit this?
I thought that was self-explanatory - the attacker
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
=
FreeBSD-SA-13:05.nfsserver Security Advisory
The FreeBSD Project
Topic:
Please be advised that, when using freebsd-update(8) to install the patch for
this security problem, freebsd-update will move the current kernel to
/boot/kernel.old,
and install a new GENERIC kernel in /boot/kernel, even if you have built a
custom
kernel and created a copy of the GENERIC kernel
For the purpose of the NFS vulnerability in 9.0-RELEASE, does it make
any difference whether one has used /etc/exports and an explicitly
started nfsd, or exported the files using zfs set sharenfs={options}
if the exported file system in both cases is ZFS? (That's probably
similar to asking
On Mon, Apr 29, 2013 at 04:08:22PM -0600, Brett Glass wrote:
Please be advised that, when using freebsd-update(8) to install the patch for
this security problem, freebsd-update will move the current kernel to
/boot/kernel.old,
and install a new GENERIC kernel in /boot/kernel, even if you have
29 matches
Mail list logo