From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Dec 2 08:30:29 2003 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 37EFB16A4CF for ; Tue, 2 Dec 2003 08:30:29 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id ACCCA43FE9 for ; Tue, 2 Dec 2003 08:30:24 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id hB2GUOFY035032 for ; Tue, 2 Dec 2003 08:30:24 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id hB2GUO5G035029; Tue, 2 Dec 2003 08:30:24 -0800 (PST) (envelope-from gnats) Resent-Date: Tue, 2 Dec 2003 08:30:24 -0800 (PST) Resent-Message-Id: <200312021630.hB2GUO5G035029@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Stephane Bortzmeyer Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CEEBA16A4CE for ; Tue, 2 Dec 2003 08:20:46 -0800 (PST) Received: from maya20.nic.fr (maya20.nic.fr [192.134.4.152]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2269343F93 for ; Tue, 2 Dec 2003 08:20:43 -0800 (PST) (envelope-from bortzmeyer@nic.fr) Received: from vespucci.nic.fr (postfix@vespucci.nic.fr [192.134.4.68]) by maya20.nic.fr (8.12.4/8.12.4) with ESMTP id hB2GKfQW1081607; Tue, 2 Dec 2003 17:20:41 +0100 (CET) Received: by vespucci.nic.fr (Postfix, from userid 1055) id 6EE1CFAA5; Tue, 2 Dec 2003 17:20:41 +0100 (CET) Message-Id: <20031202162041.6EE1CFAA5@vespucci.nic.fr> Date: Tue, 2 Dec 2003 17:20:41 +0100 (CET) From: Stephane Bortzmeyer To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 cc: Stephane Bortzmeyer Subject: ports/59905: The echoping port is wrongly flagged (security alert) X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Dec 2003 16:30:29 -0000 >Number: 59905 >Category: ports >Synopsis: The echoping port is wrongly flagged (security alert) >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Tue Dec 02 08:30:24 PST 2003 >Closed-Date: >Last-Modified: >Originator: Stephane Bortzmeyer >Release: FreeBSD 5.1-RELEASE i386 >Organization: AFNICN >Environment: System: FreeBSD fetiche.sources.org 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Thu Jun 5 02:55:42 GMT 2003 root@wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386 >Description: When installling the echoping port, it says: ===> SECURITY REPORT: This port has installed the following files which may act as network servers and may therefore pose a remote security risk to the system. /usr/local/bin/echoping If there are vulnerabilities in these programs there may be a security risk to the system. FreeBSD makes no guarantee about the security of ports included in the Ports Collection. Please type 'make deinstall' to deinstall the port if this is a concern. For more information, and contact details about the security status of this software, see the following webpage: http://echoping.sourceforge.net/ But echoping is *not* a network server and never was. I wonder where does this strange alert comes from. IMHO, since echoping: * is not and cannot be a network server, * is never setuid or set gid, it should not generate a security report. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: