From owner-freebsd-ports Sat Nov 16 22:57:40 2002
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EC7A937B401; Sat, 16 Nov 2002 22:57:38 -0800 (PST)
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id BB32543E4A; Sat, 16 Nov 2002 22:57:38 -0800 (PST) (envelope-from bright@elvis.mu.org)
Received: by elvis.mu.org (Postfix, from userid 1192) id A8BD2AE302; Sat, 16 Nov 2002 22:57:38 -0800 (PST)
Date: Sat, 16 Nov 2002 22:57:38 -0800
From: Alfred Perlstein
To: ports@freebsd.org
Cc: knu@freebsd.org, kris@freebsd.org
Subject: ports security + portupgrade feature idea
Message-ID: <20021117065738.GG6882@elvis.mu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4i
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I cc'd the two who I thought would most get a kick out of this feature request, maybe you'll pity my ruby/make feebleness and give this a shot? :)

There needs to be a port variable 'FORBIDDEN_VULNERABLE'. The idea is that bsd.port.mk will define FORBIDDEN?=${FORBIDDEN_VULNERABLE}.

The reasoning for this is so that programs like portupgrade can warn the user if any installed package has become vulnerable and possibly, with an additional option supplied to the upgrade program, automatically remove all such vulnerable installed third-party programs.

It may also be nice to have knobs like: FORBIDDEN_VULNERABLE_LOCAL, FORBIDDEN_VULNERABLE_REMOTE, FORBIDDEN_VULNERABLE_TROJAN, referring to the ability to exploit the program with a local account, remote account, or tricking the user into opening a file using the program.

There should likely be knobs to quiet FORBIDDEN_VULNERABLE_LOCAL and FORBIDDEN_VULNERABLE_REMOTE for the cases where the administrator knows that the machine is set up such that only trusted users can log in or reach the machine via remote means.

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology," start asking why software is ignoring 30 years of accumulated wisdom.'
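
A sketch of the check proposed in the message above, as an added example that is not code from the message, portupgrade or bsd.port.mk. It scans Makefile text with a regular expression instead of evaluating make; the port names, the sample Makefile contents and the `quiet:` option name are constructed or hypothetical, and only the FORBIDDEN_VULNERABLE* variable names come from the message.

```ruby
# Constructed sample: installed package => text of its port Makefile.
SAMPLE_PORTS = {
  "example-httpd-1.0"  => "PORTNAME=example-httpd\nFORBIDDEN_VULNERABLE_REMOTE=\tremote buffer overflow\n",
  "example-viewer-2.3" => "PORTNAME=example-viewer\nFORBIDDEN_VULNERABLE_TROJAN= crafted file runs code\n",
  "example-suid-0.9"   => "PORTNAME=example-suid\nFORBIDDEN_VULNERABLE_LOCAL= local root via setuid helper\n",
  "example-lib-4.1"    => "PORTNAME=example-lib\nFORBIDDEN_VULNERABLE= unspecified flaw\n",
  "example-clean-1.1"  => "PORTNAME=example-clean\n# FORBIDDEN_VULNERABLE_REMOTE= old, commented out\n",
}

# Matches VAR=reason and VAR?=reason; a commented-out assignment does not match.
VULN_RE = /^\s*FORBIDDEN_VULNERABLE(?:_(LOCAL|REMOTE|TROJAN))?\s*\??=\s*(.*?)\s*$/

# Returns [[class, reason], ...] for one Makefile, where class is
# :local, :remote, :trojan, or :unspecified for the bare variable.
def vulnerable_marks(makefile_text)
  makefile_text.lines.map do |line|
    m = VULN_RE.match(line) or next
    next if m[2].empty?               # an empty value means "not forbidden"
    [(m[1] || "unspecified").downcase.to_sym, m[2]]
  end.compact
end

# quiet: classes the administrator silences (hypothetical option name).
# Only :local and :remote can be quieted, following the message; a
# trojan-class or unclassified mark is always reported.
def audit(ports, quiet: [])
  quiet &= [:local, :remote]
  ports.each_with_object({}) do |(pkg, text), report|
    marks = vulnerable_marks(text).reject { |cls, _| quiet.include?(cls) }
    report[pkg] = marks unless marks.empty?
  end
end

if __FILE__ == $PROGRAM_NAME
  # A host where only trusted users have accounts: quiet the local class.
  audit(SAMPLE_PORTS, quiet: [:local]).each do |pkg, marks|
    marks.each { |cls, why| puts "#{pkg}: FORBIDDEN (#{cls}): #{why}" }
  end
end
```
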