Hi,

Assuming the box is only a DNS server, then the simplest & easiest (in
my opinion) is to take a copy of the DNS related files:
        - /etc/rc.conf.local
        - /var/named/*
        - noting also IP address, hostname etc etc

and then reinstall the o/s from a recent snapshot (downloaded here
ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/ or mirror), which has all
the patches pre-applied. Then restore the above files. Job done.

If you're paranoid and inexperienced in unix, then grab a spare
machine to do a dry run on that.

/Pete



On 29 Jul 2008, at 18:16, skogzort wrote:

Hello,
I know nothing/very little about OpenBSD or UNIX. I have been tasked
with updating our OpenBSD DNS server with a security fix (Vulnerability
Note VU#800113 - Multiple DNS implementations vulnerable to cache
poisoning).

In order to do this it appears that I have to download the source code
and re-compile the entire OS. Recompiling the OS seems to involve a lot
of steps. Before I continue to read through them all, I just want to
confirm that it is actually necessary to do all of this, simply to
apply a security patch:

Download the tree..
Pre load the tree..
Build the Kernel..
Build the userland..
Etc.

The only thing we use the server for is DNS. I don't know what flavor
we are running, since it's on a production server I assume it will be
* release or * stable, either way from what I've read so far it looks
like in order to apply this security patch I will have to update it to
* stable, which seems to require that the entire OS be recompiled. Is
this correct?

Is it true that the only way to apply this patch is to recompile the
entire OS, and go through all the steps above? I don't mind doing all
this since it will give me a chance to learn, it's just that the more
steps I have to take, the more chances there are for mistakes. I want
to be sure that the way I plan to do the update is the simplest. I'm
only familiar with Windows, where you just push a button to apply a
security patch and you don't even have to reboot the server, so I was
thinking that I may be misunderstanding what I'm reading.

Thanks very much for your time and any info

Kyle
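
The copy, reinstall and restore procedure from the reply at the top of this thread, as an added example that is not part of either e-mail: the files are archived with a per-file SHA-256 manifest so the restore can be checked after the reinstall. The function names, the archive and manifest file names, and the /mnt/usb path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function and file names are assumptions, not from the thread.

# Print only the SHA-256 of a file (OpenBSD: sha256 -q; elsewhere: sha256sum).
hash_file() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else sha256sum "$1" | cut -d' ' -f1
    fi
}

# dns_backup ROOT OUT: archive the files listed in the reply from under ROOT,
# record a checksum per file, and note hostname and interface addresses.
dns_backup() {
    root=$1; out=$2
    mkdir -p "$out" || return 1
    tar -cf "$out/dns-files.tar" -C "$root" etc/rc.conf.local var/named || return 1
    ( cd "$root" || exit 1
      find etc/rc.conf.local var/named -type f | sort |
      while IFS= read -r f; do
          printf '%s  %s\n' "$(hash_file "$f")" "$f"
      done ) > "$out/manifest.sha256" || return 1
    { hostname; ifconfig -a; } > "$out/host-notes.txt" 2>&1 || true
}

# dns_restore ROOT OUT: unpack the archive over the freshly installed system.
dns_restore() {
    tar -xpf "$2/dns-files.tar" -C "$1"
}

# dns_verify ROOT MANIFEST: re-hash every file named in the manifest; files the
# new install added itself are ignored. Returns non-zero on any mismatch.
dns_verify() {
    root=$1; bad=0
    while read -r want path; do
        [ "$(hash_file "$root/$path" 2>/dev/null)" = "$want" ] ||
            { echo "MISMATCH: $path" >&2; bad=1; }
    done < "$2"
    return "$bad"
}

# Usage on the real server (as root), before and after the reinstall
# (/mnt/usb/dns-backup is a hypothetical location off the system disk):
#   dns_backup / /mnt/usb/dns-backup
#   dns_restore / /mnt/usb/dns-backup && dns_verify / /mnt/usb/dns-backup/manifest.sha256
```

Keeping the archive and manifest on media that the reinstall does not touch is what makes the later verification meaningful.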
