Date: Fri, 15 Dec 2000 20:09:57 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: Some Person <ntvsunix@hotmail.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Security Update Tool.. Message-ID: <20001215200957.A10030@citusc.usc.edu> In-Reply-To: <F184Mum03yMJiQTyfPe00000f1e@hotmail.com>; from ntvsunix@hotmail.com on Sat, Dec 16, 2000 at 12:16:29AM %2B0000 References: <F184Mum03yMJiQTyfPe00000f1e@hotmail.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Sat, Dec 16, 2000 at 12:16:29AM +0000, Some Person wrote: > My question is, is there a util yet that in theory (maybe if so, or if > someone writes one would work differently than what I'm imagining) queries a > central database with all the security advisories, checks the local system > for comparisons and vulnerabilities against that database and reports to the > user who ran the util. Not at present - I was talking to someone a few months ago about doing exactly this: the existing security advisories we publish contain all of the information you need to implement such a thing (at least for ports), although we'd probably need to structure them more rigidly so they can be machine-parsed. However nothing concrete has materialised yet, so there's still plenty of room for interested contributors to step up and help :-) Note that identification of vulnerabilities is different from automated correction of vulnerabilities - in order to do that it needs some fairly complicated infrastructure in the ports system to upgrade ports/packages and handle dependencies etc. Not that I want to dissuade anyone from working on this very worthy project :-) Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6OusRWry0BWjoQKURAkssAKC2aH4/AVM32jSAhv01iQS8fOYP1gCg27a6 EywiLz/klv4eZ5uK5s6g/eU= =rpuO -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001215200957.A10030>