Date: Tue, 2 Dec 2003 17:20:41 +0100 (CET) From: Stephane Bortzmeyer <bortzmeyer@nic.fr> To: FreeBSD-gnats-submit@FreeBSD.org Cc: Stephane Bortzmeyer <bortzmeyer@nic.fr> Subject: ports/59905: The echoping port is wrongly flagged (security alert) Message-ID: <20031202162041.6EE1CFAA5@vespucci.nic.fr> Resent-Message-ID: <200312021630.hB2GUO5G035029@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 59905 >Category: ports >Synopsis: The echoping port is wrongly flagged (security alert) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Tue Dec 02 08:30:24 PST 2003 >Closed-Date: >Last-Modified: >Originator: Stephane Bortzmeyer >Release: FreeBSD 5.1-RELEASE i386 >Organization: AFNICN >Environment: System: FreeBSD fetiche.sources.org 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Thu Jun 5 02:55:42 GMT 2003 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386 >Description: When installling the echoping port, it says: ===> SECURITY REPORT: This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system. /usr/local/bin/echoping If there are vulnerabilities in these programs there may be a security risk to the system. FreeBSD makes no guarantee about the security of ports included in the Ports Collection. Please type 'make deinstall' to deinstall the port if this is a concern. For more information, and contact details about the security status of this software, see the following webpage: http://echoping.sourceforge.net/ But echoping is *not* a network server and never was. I wonder where does this strange alert comes from. IMHO, since echoping: * is not and cannot be a network server, * is never setuid or set gid, it should not generate a security report. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031202162041.6EE1CFAA5>