Last FreeBSD 5.3 BETA Released

A few hours ago Scott Long announced the availability of FreeBSD 5.3-BETA7, the presumed last BETA in the 5.3 release cycle. The schedule has not yet changed to reflect this new BETA. Although only one release candidate (RC1) is planned, I would not be surprised to see an RC2 or maybe even RC3. Since FreeBSD 5.3 will be the first version of the 5.x tree marked STABLE, the release engineering team wants 5.3 to be the best FreeBSD version to date. I personally can't wait to deploy it on my laptop and servers.

One of the biggest changes in the current BETA is the replacement of BIND 8.x with 9.3. The release engineers felt that although it was late in the release process, they didn't want to have to support 8.x throughout the life of the FreeBSD 5.x STABLE tree. In other words, if BIND 9.x didn't appear in FreeBSD 5.3, BIND 9.x wouldn't be imported until FreeBSD 6.0. If you'd like to know more about this process, check out the thread from mid-September.

This decision highlights a difference between Linux and FreeBSD. When FreeBSD includes an application like BIND in the base system, it is imported. It isn't just downloaded and packaged with the distribution. This shows how FreeBSD is deployed as an operating system and not as a kernel with assorted userland tools (like Linux).

Of course some people might argue that keeping the "purest" deployment of an application like BIND, without patches for FreeBSD, is more effective. I share these sentiments when I see various Linux vendors deploying their own modified Linux kernels, making integration of default kernels from Kernel.org difficult.

Overall, however, I like the FreeBSD approach because the maintainers accept responsibility for the code they include in the base system. If you don't want to run the integrated version of BIND, you can run the version in the ports tree (dns/bind9/, for example) and modify /etc/rc.conf like so:

named_enable="YES" # Run named, the DNS server (or NO).
named_program="/usr/local/sbin/named" # path to named, if you want a different one.

This flexibility can become confusing when a program like OpenSSH is involved. OpenSSH is offered in three "flavors":

1. OpenSSH is part of the base FreeBSD operating system.
2. OpenSSH exists as the security/openssh port. This version is like OpenSSH for OpenBSD due to the similarity between FreeBSD and OpenBSD's code.
3. OpenSSH exists as the openssh-portable port. This version is specifically for non-OpenBSD systems.

Confused? According to this thread, OpenBSD's lack of support for PAM means the OpenBSD native version (option 2) doesn't offer PAM. Since FreeBSD does use PAM, options 1 and 3 make use of PAM.

This means that if you want your OpenSSH authentication to use PAM on FreeBSD, you can use the OpenSSH integrated into the FreeBSD base (like using integrated BIND) or you can install the openssh-portable port (like using the BIND port).

Comments

Anonymous said…
- Fix panic when allocating swap on a busy system.
- Fix the '-s' option in newfs to handle large filesystems.
- Fix the panic on detach problem with USB hubs.
- Fix a resource allocation problem with the floppy driver that would result in long delays during boot.

Good news
