
The (bad) deal with freebsd-update(8)

Filed under
BSD

Binary patches are quite a mysterious issue in FreeBSD, even though freebsd-update(8) has been around since about 2005, and since FreeBSD 6.3-RELEASE it has reached a new level of power. As I have had quarrels with FreeBSD aficionados on the issue of binary patches in FreeBSD, I thought I should clear up the mess a bit.

Not only do proprietary or closed-source operating systems come with binary security updates, but each and every Linux distribution which is supported by its issuer is provided with patched binaries when a security issue is identified and a solution is found. Unless you're running a source distribution (LFS, Gentoo, etc.), why would you prefer to build a patched binary yourself from sources, when an officially patched package can be made available? The new package is only built once, not millions of times!

All the BSD flavors favor source patches. When a security advisory is issued, you're supposed to apply the source patch and rebuild the corresponding binary. Most people never considered this process a bothersome one, as in real life there is another issue taking even more time: rebuilding the vulnerable ports (when updated packages are not available).




