Date: Sat, 26 Jan 2002 02:24:26 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: Kris Kennaway <kris@obsecurity.org>
Cc: ports@FreeBSD.ORG
Subject: Re: Improved install-time ports security audit patches
Message-ID: <20020126021507.H58790-100000@catalyst.sasknow.net>
In-Reply-To: <20020125180735.A71558@xor.obsecurity.org>
Kris Kennaway wrote to ports@FreeBSD.ORG:

> I've made patches to improve the security auditing which is done at
> 'make install' time for a port. The new code searches for network
> client/servers by checking for the accept() or recvfrom() syscalls,

Excellent.

> and checks for unsafe functions like gets, mktemp, tempnam, and
> tmpnam (and if you have the PORTS_AUDIT env variable set, also
> sprintf, strcat and strcpy), and reports on their occurrence in a
> binary if they occur in conjunction with the binary being setugid,
> or a network client/server.

Good stuff. I suppose that this may induce some unwarranted (but possibly useful) paranoia, with harmless/careful uses of gets et al... Any idea how many ports are going to generate these warnings? I'd guess if it's "most of them", the warnings are likely going to get ignored by many. But, as with the other warnings, when their box gets rooted, at least we can say "I told ya so". :-)

- Ryan

-- 
Ryan Thompson <ryan@sasknow.com>
Network Administrator, Accounts
SaskNow Technologies - http://www.sasknow.com
#106-380 3120 8th St E - Saskatoon, SK - S7H 0W2
Tel: 306-664-3600 Fax: 306-664-1161 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
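The policy Kris describes above (warn about the listed libc calls only when the binary is setugid or references accept()/recvfrom(), with sprintf/strcat/strcpy added under PORTS_AUDIT), written out as a stand-alone POSIX sh check. This is an added example, not Kris's bsd.port.mk patch and not part of this message; it assumes `nm -D` is available, and the function names `audit_symbols` and `audit_binary` are hypothetical.

```shell
#!/bin/sh
# Added example (not the bsd.port.mk code): a stand-alone audit in the spirit of
# the install-time check discussed in the thread. It reads a binary's dynamic
# symbol table as printed by `nm -D` (assumed available) and warns about risky
# libc calls only when the binary is setuid/setgid or looks like a network
# client/server, i.e. references accept() or recvfrom().

NET_SYMS="accept recvfrom"
UNSAFE_SYMS="gets mktemp tempnam tmpnam"
PARANOID_SYMS="sprintf strcat strcpy"   # reported only when PORTS_AUDIT is set

# audit_symbols SETUGID  < nm-output
#   SETUGID is 1 when the file has the setuid or setgid bit, otherwise 0.
#   Prints one WARNING line per risky function found; returns 1 if any.
audit_symbols() {
  setugid=$1
  # keep only undefined ("U") symbols, dropping any @VERSION suffix
  syms=$(awk 'NF >= 2 && $(NF-1) == "U" { sub(/@.*/, "", $NF); print $NF }' | sort -u)

  network=0
  for s in $NET_SYMS; do
    echo "$syms" | grep -qx "$s" && network=1
  done
  # Same policy as the thread describes: unprivileged, non-network binaries are not reported.
  [ "$setugid" = 1 ] || [ "$network" = 1 ] || return 0

  kind=network
  [ "$setugid" = 1 ] && kind=setugid
  check="$UNSAFE_SYMS"
  [ -n "${PORTS_AUDIT:-}" ] && check="$check $PARANOID_SYMS"

  rc=0
  for s in $check; do
    if echo "$syms" | grep -qx "$s"; then
      echo "WARNING: $kind binary calls $s"
      rc=1
    fi
  done
  return $rc
}

# audit_binary FILE: derive the setugid flag from the file mode and run the check.
audit_binary() {
  f=$1
  setugid=0
  if [ -u "$f" ] || [ -g "$f" ]; then setugid=1; fi
  nm -D "$f" 2>/dev/null | audit_symbols "$setugid"
}
```

Run it as `audit_binary /path/to/installed/binary`; a non-zero exit means at least one warning was printed, which is convenient for wiring into a post-install hook.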