From owner-freebsd-security@FreeBSD.ORG Mon Feb 1 16:59:10 2010 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DE7831065672 for ; Mon, 1 Feb 2010 16:59:10 +0000 (UTC) (envelope-from ekarkkai@pp.htv.fi) Received: from filtteri1.pp.htv.fi (filtteri1.pp.htv.fi [213.243.153.184]) by mx1.freebsd.org (Postfix) with ESMTP id 872A58FC16 for ; Mon, 1 Feb 2010 16:59:10 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by filtteri1.pp.htv.fi (Postfix) with ESMTP id A79448BC17; Mon, 1 Feb 2010 18:42:49 +0200 (EET) X-Virus-Scanned: Debian amavisd-new at pp.htv.fi Received: from smtp5.welho.com ([213.243.153.39]) by localhost (filtteri1.pp.htv.fi [213.243.153.184]) (amavisd-new, port 10024) with ESMTP id wJjNYtAM9VWH; Mon, 1 Feb 2010 18:42:49 +0200 (EET) Received: from zero.my.domain (cs95087.pp.htv.fi [212.90.95.87]) by smtp5.welho.com (Postfix) with ESMTP id 658D25BC002; Mon, 1 Feb 2010 18:42:49 +0200 (EET) Received: from thunderbolt.my.domain (thunderbolt.my.domain [10.192.168.30]) by zero.my.domain (8.14.3/8.14.3) with ESMTP id o11Ggnbw036119; Mon, 1 Feb 2010 18:42:49 +0200 (EET) (envelope-from ekarkkai@pp.htv.fi) Received: from thunderbolt.my.domain (localhost [127.0.0.1]) by thunderbolt.my.domain (8.14.3/8.14.3) with ESMTP id o11GgQL3019285; Mon, 1 Feb 2010 18:42:26 +0200 (EET) (envelope-from ejk@thunderbolt.my.domain) Received: (from ejk@localhost) by thunderbolt.my.domain (8.14.3/8.14.3/Submit) id o11GgQQS019284; Mon, 1 Feb 2010 18:42:26 +0200 (EET) (envelope-from ejk) Date: Mon, 1 Feb 2010 18:42:26 +0200 From: Esa Karkkainen To: freebsd-security@freebsd.org Message-ID: <20100201164226.GA4715@pp.htv.fi> Mail-Followup-To: Esa Karkkainen , freebsd-security@freebsd.org, David Wolfskill , Dmitry Morozovsky References: <20100201004003.GE12157@bunrab.catwhisker.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20100201004003.GE12157@bunrab.catwhisker.org> User-Agent: Mutt/1.4.2.3i X-Mailman-Approved-At: Mon, 01 Feb 2010 19:02:14 +0000 Cc: Dmitry Morozovsky Subject: Re: security scripts diff X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Feb 2010 16:59:10 -0000 On Sun, Jan 31, 2010 at 04:40:03PM -0800, David Wolfskill wrote: > On Mon, Feb 01, 2010 at 03:13:39AM +0300, Dmitry Morozovsky wrote: > > Dear colleagues, > > > > looking at regular security mails I found that foloowing patch would greatly > > desreases amount of false positive reports; it's totally possible I'm missing > > some vital areas, but my current look at security scripts did not reveal any. > > > > What do you think? Thank you in advance. > > ... > > I think maybe -b ("Ignore changes in the amount of white space.") might > be better than -w ("Ignore all white space."), as the presence or > absence of *some* white space can be a signifant difference (e.g., to a > non-FORTRAN IV parser). I've always disliked the feature which lists unchanged files on security emails (100.chksetuid). I've created a patch some time ago. http://www.freebsd.org/cgi/query-pr.cgi?pr=conf/119464 -- "In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move." -- Douglas Adams 1952 - 2001