Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 15 Jul 2000 04:07:10 -0600
From:      Warner Losh <imp@village.org>
To:        Stijn Hoop <stijn@win.tue.nl>
Cc:        "Bruce A. Mah" <bmah@cisco.com>, ports@freebsd.org
Subject:   Re: Version question/request 
Message-ID:  <200007151007.EAA46560@harmony.village.org>
In-Reply-To: Your message of "Sat, 15 Jul 2000 11:54:04 %2B0200." <20000715115404.D92785@pcwin002.win.tue.nl> 
References:  <20000715115404.D92785@pcwin002.win.tue.nl>  <200007150511.XAA01511@billy-club.village.org> <200007150550.e6F5o0P02257@bmah-freebsd-0.cisco.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message <20000715115404.D92785@pcwin002.win.tue.nl> Stijn Hoop writes:
: On Fri, Jul 14, 2000 at 10:50:00PM -0700, Bruce A. Mah wrote:
: > If memory serves me right, Warner Losh wrote:
: > > I'd like to create a script that runs in /etc/security that will
: > > produce output like the following:
: > > 
: > > YOUR SYSTEM HAS THE FOLLOWING PORTS THAT HAVE KNOWN SECURITY ISSUES IN
: > > THE VERSION YOU ARE RUNNING:
: > > 	woofootd (have 2.1 need 2.2)
: > > 	qpooper (have 2.98 need 3.11)
: > > etc
: 
: Cool idea!
: 
: > Nice.  One thing I'd suggest is that the script gets updated as a part 
: > of the Ports Collection, rather than as one of the source collections.  
: > I'm presuming that many users will cvsup their Ports Collection tree 
: > far more frequently than they'd do a make world.
: 
: I second this.

You wouldn't have to CVSUP anything.  there's be a database maintained
by the security officer that would contain known bad version ranges.
The script would contact a central database server, or one of the
mirrors, grab the whole database (since it will be relatively small),
verify that the key that signed the database is good and then check to
see if the versions that are bad are on the system and whine if they
are.

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200007151007.EAA46560>