Date: Tue, 17 Aug 2004 21:32:05 +0200 From: Oliver Eikemeier <eikemeier@fillmore-labs.com> To: Pete Fritchman <petef@absolutbsd.org> Cc: "Jacques A. Vidrine" <nectar@FreeBSD.org> Subject: Re: cvs commit: ports/security/portaudit-db/database portaudit.txt portaudit.xlist portaudit.xml Message-ID: <1F055B5E-F084-11D8-924A-00039312D914@fillmore-labs.com> In-Reply-To: <20040817185332.2B91D1800A@sirius.firepipe.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Pete Fritchman wrote: > Perhaps you could use CVS revision IDs (with 'ident'). For example, > > /usr/bin/passwd: > $FreeBSD: src/usr.bin/passwd/passwd.c,v 1.16.2.1 2001/03/12 > 10:48:08 assar Exp $ > $FreeBSD: src/usr.sbin/pwd_mkdb/pw_scan.c,v 1.14.2.2 2004/02/22 > 11:28:06 charnier Exp $ > $FreeBSD: src/usr.sbin/vipw/pw_util.c,v 1.17.2.4 2002/09/04 > 15:28:10 des Exp $ > $FreeBSD: src/libexec/ypxfr/ypxfr_misc.c,v 1.9.2.2 2002/02/15 > 00:46:54 des Exp $ > $FreeBSD: src/include/rpcsvc/yp.x,v 1.12 1999/08/27 23:45:12 peter > Exp $ > $FreeBSD: src/include/rpcsvc/yppasswd.x,v 1.6 1999/08/27 23:45:12 > peter Exp $ > $FreeBSD: src/usr.sbin/rpc.yppasswdd/yppasswd_private.x,v 1.6 > 1999/08/28 01:19:41 peter Exp $ > $FreeBSD: src/usr.sbin/rpc.yppasswdd/yppasswd_private.x,v 1.6 > 1999/08/28 01:19:41 peter Exp $ > > If a security bug was fixed in passwd.c 1.16.3.1, you could point out > that > I'm vulnerable. Most of the security advisories include the revision > that > things were fixed in, so this shouldn't be too hard. Jacques doens't seem to like this: "Aaaaaahh!". I don't really care ident(1) is fine for me, and it seems like this is the only reliable indication. OTOH you'll need a couple of references (file, list of FreeBSD versions). Doable, so when no other ideas pop up we should do this. -Oliver
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1F055B5E-F084-11D8-924A-00039312D914>