Message-Id: <200007151007.EAA46560@harmony.village.org>
To: Stijn Hoop
Subject: Re: Version question/request
Cc: "Bruce A. Mah", ports@freebsd.org
In-reply-to: Your message of "Sat, 15 Jul 2000 11:54:04 +0200." <20000715115404.D92785@pcwin002.win.tue.nl>
References: <20000715115404.D92785@pcwin002.win.tue.nl> <200007150511.XAA01511@billy-club.village.org> <200007150550.e6F5o0P02257@bmah-freebsd-0.cisco.com>
Date: Sat, 15 Jul 2000 04:07:10 -0600
From: Warner Losh

In message <20000715115404.D92785@pcwin002.win.tue.nl> Stijn Hoop writes:
: On Fri, Jul 14, 2000 at 10:50:00PM -0700, Bruce A. Mah wrote:
: > If memory serves me right, Warner Losh wrote:
: > > I'd like to create a script that runs in /etc/security that will
: > > produce output like the following:
: > >
: > > YOUR SYSTEM HAS THE FOLLOWING PORTS THAT HAVE KNOWN SECURITY ISSUES IN
: > > THE VERSION YOU ARE RUNNING:
: > >	woofootd (have 2.1 need 2.2)
: > >	qpooper (have 2.98 need 3.11)
: > >	etc
:
: Cool idea!
:
: > Nice. One thing I'd suggest is that the script gets updated as a part
: > of the Ports Collection, rather than as one of the source collections.
: > I'm presuming that many users will cvsup their Ports Collection tree
: > far more frequently than they'd do a make world.
:
: I second this.

You wouldn't have to CVSUP anything. There'd be a database maintained
by the security officer that would contain known bad version ranges.
The script would contact a central database server, or one of the
mirrors, grab the whole database (since it will be relatively small),
verify that the key that signed the database is good and then check to
see if the versions that are bad are on the system and whine if they
are.

Warner
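
Added example, not part of the original message and not FreeBSD project code: a Python sketch of the last step described above, checking installed package versions against a list of known bad version ranges and producing the report format quoted in the thread. The database format (`port|bad-from|fixed-in`), the sample data and the function names are assumptions, and the database is assumed to have already passed its signature check.

```python
import re

# Constructed advisory database (hypothetical format): port|bad-from|fixed-in.
# Assumed to have passed the signature check before it reaches the parser.
SAMPLE_DB = """\
# port|bad-from|fixed-in
woofootd|1.0|2.2
qpooper|2.0|3.11
safeport|1.0|1.5
"""
# Constructed installed-package list in name-version form.
SAMPLE_INSTALLED = ["woofootd-2.1", "qpooper-2.98", "safeport-1.5", "other-tool-0.9"]

def vkey(version):
    """Numeric sort key: '2.10' > '2.9' and '2.1.0' == '2.1' (letters are ignored)."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_db(text):
    """Return (port, bad_from, fixed_in) tuples; a malformed line aborts the run."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) != 3 or not all(fields):
            raise ValueError(f"line {n}: malformed entry")
        entries.append(tuple(fields))
    return entries

def check(installed, db_text):
    """List ports whose installed version lies in [bad_from, fixed_in)."""
    # Split at the last hyphen: port names may themselves contain hyphens.
    have = dict(p.rpartition("-")[::2] for p in installed)
    findings = []
    for port, bad_from, fixed_in in parse_db(db_text):
        v = have.get(port)
        if v is not None and vkey(bad_from) <= vkey(v) < vkey(fixed_in):
            findings.append(f"{port} (have {v} need {fixed_in})")
    return findings

def report(findings):
    header = ("YOUR SYSTEM HAS THE FOLLOWING PORTS THAT HAVE KNOWN SECURITY "
              "ISSUES IN\nTHE VERSION YOU ARE RUNNING:\n")
    return header + "\n".join("\t" + f for f in findings) if findings else ""

if __name__ == "__main__":
    print(report(check(SAMPLE_INSTALLED, SAMPLE_DB)))
```

Rejecting the whole database on one malformed line is deliberate: silently skipping an entry would report a vulnerable port as clean.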