Reply
 
Thread Tools Display Modes
  #1  
Old 01-12-2007, 05:09 AM
misstyck2 misstyck2 is offline
Senior Member
 
Join Date: Jan 2007
Location: none
Posts: 88
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to misstyck2 Send a message via MSN to misstyck2 Send a message via Yahoo to misstyck2
Default freebsd-update (secure or not ???)
Hi all,

I use freebsd-update and see that,it 's secure or not ??? thank.

Fetching updates signature...
Fetching updates...
Fetching hash list signature...
Fetching hash list...
Examining local system...

The following files are affected by security
fixes, but have not been updated because they
have been modified locally:

/boot/kernel/firewire.ko
/boot/kernel/kernel
/boot/kernel/smbfs.ko
/boot/kernel/sppp.ko
/etc/rc.d/jail
/etc/ssh/sshd_config
/lib/libcrypto.so.4
/usr/include/openssl/rsa.h
/usr/lib/libcrypto.a
/usr/lib/libcrypto_p.a
/usr/lib/libssh.a
/usr/lib/libssh_p.a
/usr/lib/libssl.a
/usr/lib/libssl_p.a
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/sshd
/usr/sbin/ypserv
/usr/share/man/man5/ssh_config.5.gz
/usr/share/man/man5/sshd_config.5.gz

ssh is not patched by default on 1.3.01.

Thank.
Reply With Quote
  #2  
Old 01-12-2007, 10:47 AM
antik antik is offline
Senior Member
 
Join Date: Jul 2005
Location: Estonia
Posts: 3,610
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: freebsd-update (secure or not ???)
Originally Posted by misstyck2
Hi all,

ssh is not patched by default on 1.3.01.
This is strange, because PC-BSD got FreeBSD 6.1p11 under the hood and all ssh and other stuff should be patched already...
__________________
"All parts should go together without forcing. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer." -- IBM maintenance manual, 1975
Reply With Quote
  #3  
Old 01-12-2007, 11:39 AM
Solarin's Avatar
Solarin Solarin is offline
Super Moderator
 
Join Date: Jul 2005
Location: Birmingham, UK
Posts: 743
Thanks: 0
Thanked 0 Times in 0 Posts
Default
Strange indeed.

As antik says, we're 1.3 has 6.1-RELEASE-p11 under the hood, and according to the FreeBSD SA it was corrected in 6.1-RELEASE-p10. You can see this here:
http://security.freebsd.org/advisories/ ... penssh.asc

Note, that report doesn't say the files are unpatched. It says they've been modified so are unchecked.
__________________
Tim McCormick
PC-BSD Lead Developer
tim at pcbsd.org
Reply With Quote
  #4  
Old 01-12-2007, 01:15 PM
misstyck2 misstyck2 is offline
Senior Member
 
Join Date: Jan 2007
Location: none
Posts: 88
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to misstyck2 Send a message via MSN to misstyck2 Send a message via Yahoo to misstyck2
Default
Hi,

Yes, but freebsd-update installs a patch ssh when I used it...

Test and see.

So it 's secure.
Reply With Quote
  #5  
Old 01-12-2007, 03:02 PM
Solarin's Avatar
Solarin Solarin is offline
Super Moderator
 
Join Date: Jul 2005
Location: Birmingham, UK
Posts: 743
Thanks: 0
Thanked 0 Times in 0 Posts
Default
From this site: http://www.daemonology.net/freebsd-update/

Quote:
FreeBSD Update 1.4 will complain about files which have been locally modified. It still can't update them; but it will print a warning message to alert you to the fact that those files may have security issues which FreeBSD Update is not patching.
The key phrase here is may have security issues.

The update tool is quite right, all those files had issues at 6.1-RELEASE. However, they have *all* been fixed on 6.1-RELEASE-p11.

PC-BSD 1.2 & 1.3 users have only one unfixed security issue at this time. This relates to the 'FreeBSD-SA-07:01.jail' advisory.

This advisory was released late last night (my time), I will create a patch later today to fix this. Expect a few days delay however, as the patch needs to be tested before release.

NOTE: If you apply a diff you an already patched file, you can end up reversing the fix.
__________________
Tim McCormick
PC-BSD Lead Developer
tim at pcbsd.org
Reply With Quote
  #6  
Old 01-13-2007, 07:52 AM
misstyck2 misstyck2 is offline
Senior Member
 
Join Date: Jan 2007
Location: none
Posts: 88
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to misstyck2 Send a message via MSN to misstyck2 Send a message via Yahoo to misstyck2
Default
Hi,

so is OK by default.

"NOTE: If you apply a diff you an already patched file, you can end up reversing the fix."

But freebsd-update installs a patch ssh when I used it...

Thank.
Reply With Quote
  #7  
Old 01-13-2007, 04:25 PM
TerryP TerryP is offline
Senior Member
 
Join Date: Nov 2005
Location: Ga. USofA
Posts: 7,906
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via ICQ to TerryP Send a message via AIM to TerryP Send a message via Yahoo to TerryP
Default
building kernel and world should recompile every thing so no matter, just gotta sort the mergemastering.
Reply With Quote
  #8  
Old 09-06-2007, 06:25 AM
grahamnorth grahamnorth is offline
Senior Member
 
Join Date: Sep 2005
Location: Vancouver, Canada
Posts: 100
Thanks: 0
Thanked 0 Times in 0 Posts
Default freebsd-update with PCBSD - server use?
Will Freebsd-update work well with PCBSD?
Will it update the kernel and base system without messing with PBIs?

I am planning to completely rebuild my Freebsd server (new hardware, and 6.2 instead of 4.11) and am considering using PCBSD. Mainly for the ease of setting up Samba and printing etc. They have always been a pain to network with my other Windows boxes - although Samba works well, the printer was a kluge...

Any comments/suggestions on security patching for pcbsd ?

Thanks,
Graham/
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
src update freebsd way. DeadLine General Questions 7 02-28-2010 05:57 AM
Update to Freebsd 7 kernel crencom General Questions 2 11-20-2007 01:40 AM
Update: What's cooking for FreeBSD 7? Oliver Herold The Lounge 0 09-06-2007 01:52 PM
pc-bsd is more secure of trustix secure linux? General Questions 1 06-24-2006 11:50 PM
Status Update PC-BSD / FreeBSD 6 kmoore134 Announcements 31 03-23-2006 03:32 PM


All times are GMT. The time now is 03:31 PM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

Copyright 2005-2010, The PC-BSD Project. PC-BSD and the PC-BSD logo are registered trademarks of iXsystems.
All other content is freely available for sharing under the terms of the Creative Commons Attribution License.