I'm going to apply the ssh patch. Applying it to the "real" server seems straightforward enough, but I'm wondering what the right procedure is to apply this patch to my jailed servers.
Hello, On Thu, 18 Sep 2003, V. Jones wrote:> I'm going to apply the ssh patch. Applying it to the "real" server > seems straightforward enough, but I'm wondering what the right procedure > is to apply this patch to my jailed servers.No special procedure is necessary. Log into the jail, su to root, and follow the instructions in the SA - they will work just fine. You may or may not have a populated /usr/src/secure though - you can get it with cvsup, however it is faster and easier to simply tar up the /usr/src/secure on the base system and untar it in the jail. I presume this to be safe, as there should never be a version mismatch between the base system and the jails running on it. The procedure in the sendmail SA that was released yesterday will also work fine inside of a jail. Again, make sure you have /usr/src/usr.sbin and /usr/src/lib, and so on in the jail. ----- John Kozubik - john@kozubik.com - http://www.kozubik.com
On Thu, 2003-09-18 at 14:28, John Kozubik wrote:> No special procedure is necessary. Log into the jail, su to root, and > follow the instructions in the SA - they will work just fine. > > You may or may not have a populated /usr/src/secure though - you can get > it with cvsup, however it is faster and easier to simply tar up the > /usr/src/secure on the base system and untar it in the jail. I presume > this to be safe, as there should never be a version mismatch between the > base system and the jails running on it.I would imagine that a /usr/src/secure;make install DESTDIR=/usr/jail would work just as well. Or is using DESTDIR not recommended for updating binaries? Regards, Frank -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: This is a digitally signed message part Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20030918/c48ffcb4/attachment.bin