From owner-freebsd-security Fri Dec 15 17: 3:25 2000 From owner-freebsd-security@FreeBSD.ORG Fri Dec 15 17:03:21 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from seed.pacific.net.sg (seed.pacific.net.sg [203.120.90.77]) by hub.freebsd.org (Postfix) with ESMTP id C475837B400 for ; Fri, 15 Dec 2000 17:03:20 -0800 (PST) Received: from pop1.pacific.net.sg (pop1.pacific.net.sg [203.120.90.85]) by seed.pacific.net.sg with ESMTP id eBG13IJ20934; Sat, 16 Dec 2000 09:03:18 +0800 (SGT) Received: from gchang (spoff250.pacific.net.sg [203.120.94.250]) by pop1.pacific.net.sg with SMTP id JAA24872; Sat, 16 Dec 2000 09:03:16 +0800 (SGT) Message-ID: <007901c066fb$4f187040$fa5e78cb@gchang> From: "James Lim" To: "Mikhail Kruk" , "Anil Jangity" Cc: "jrz" , References: Subject: Re: Security Update Tool.. Date: Sat, 16 Dec 2000 08:58:30 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, Some of the ports are actually marked forbidden due to the security hazards. That is served as a warning to users. But of course if they want to risk it they just have to comment it James Lim Technical Support Executive Pacific Internet Limited 89 Science Park Drive #02-05/06 The Rutherford Singapore 118261 Finger evilfry@sg.freebsd.org for PGP key. ----- Original Message ----- From: "Mikhail Kruk" To: "Anil Jangity" Cc: "jrz" ; Sent: Saturday, December 16, 2000 9:00 AM Subject: Re: Security Update Tool.. > I'm not sure that many people would like that kind of automation, but what > is really missing IMHO is ability to mark ports whichs are insecure and > add some option to pkg_info which will check all installed packages. I > think OpenBSD has exacty this, no? > > > I think he was looking for something a little more "automated". Something > > like IE's "Window's update" for freebsd ;-) > > > > I don't think its too difficult to do this, all you do is do ident on any > > binaries that are on the local system and compare the version with the > > version string in the advisories... the advisory might need some > > formatting changes? > > > > just thinking out loud. > > > > > > Fri, 15 Dec 2000 (4:41pm -0800) Message: > > > > @ >> My question is, is there a util yet that in theory (maybe if so, or if > > @ >> someone writes one would work differently than what I'm imagining) queries a > > @ >> central database with all the security advisories, checks the local system > > @ >> for comparisons and vulnerabilities against that database and reports to the > > @ >> user who ran the util. > > @ >> > > @ >> ie, sacheck -H sa-host.freebsd.org > > @ > > @ would be fairly easy to write a shell or perl script that checks for current > > @ advisories and prints it out in pretty format. > > @ > > @ -jrz > > @ > > @ > > @ > > @ --- > > @ Jacob Zehnder | Systems Engineer > > @ CNM Network | http://www.cnmnetwork.com > > @ business: jrz@cnmnetwork.com > > @ other: jrz@rackmount.org > > @ --- > > @ "Where am I, and what am I doing in this handbasket?" > > @ > > @ > > @ > > @ To Unsubscribe: send mail to majordomo@FreeBSD.org > > @ with "unsubscribe freebsd-security" in the body of the message > > @ > > @ > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message