Date: Sun, 3 Nov 2002 14:28:20 -0800
From: Kris Kennaway <kris@obsecurity.org>
To: Doug Barton <DougB@FreeBSD.org>
Cc: Kris Kennaway <kris@FreeBSD.org>, ports@FreeBSD.org
Subject: Re: cvs commit: ports/Mk bsd.port.mk
Message-ID: <20021103222820.GA25257@xor.obsecurity.org>
In-Reply-To: <3DC4F774.54F2F91A@FreeBSD.org>
References: <200211030543.gA35hnMM018389@repoman.freebsd.org> <3DC4F774.54F2F91A@FreeBSD.org>

On Sun, Nov 03, 2002 at 02:16:20AM -0800, Doug Barton wrote:

> This change might be a little too sensitive:
>
> ===> SECURITY REPORT:
> This port has installed the following files which may act as network
> servers and may therefore pose a remote security risk to the system.
> /usr/local/bin/dig
> /usr/local/bin/dnsquery
> /usr/local/bin/host
> /usr/local/bin/nslookup
> /usr/local/bin/nsupdate
> /usr/local/libexec/named-xfer
> /usr/local/sbin/irpd
> /usr/local/sbin/named
> /usr/local/sbin/ndc
>
> Of those, only irpd and named are actually daemons. While I'm all for
> letting users know about potential security problems, I think we may
> have gone too far here.

There are only two daemons, but I bet the others call accept on a socket and receive data from it. They would then be accepting untrusted connections from a remote source and are candidates for remote security vulnerabilities.

Kris