From owner-freebsd-audit Wed Dec 1 22: 1:15 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from gratis.grondar.za (gratis.grondar.za [196.7.18.133])
	by hub.freebsd.org (Postfix) with ESMTP
	id 330D214D0C; Wed, 1 Dec 1999 22:01:03 -0800 (PST)
	(envelope-from mark@grondar.za)
Received: from grondar.za (localhost [127.0.0.1])
	by gratis.grondar.za (8.9.3/8.9.3) with ESMTP id HAA24545;
	Thu, 2 Dec 1999 07:59:56 +0200 (SAST)
	(envelope-from mark@grondar.za)
Message-Id: <199912020559.HAA24545@gratis.grondar.za>
To: Kris Kennaway, satoshi@freebsd.org
Cc: audit@freebsd.org
Subject: Re: Auditing ports
Date: Thu, 02 Dec 1999 07:59:55 +0200
From: Mark Murray
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

[ Satoshi CC'ed for comment ]

Satoshi - background: The problem of auditing all 2800 ports was raised,
and was reduced to the problem of auditing those which we patched to be
set[gu]id.

Kris continues:

> A first task would be to identify _which_ ports install set[ug]id
> executables: the easiest way to do this would probably be to install every
> available package on a box at once (or do them in chunks), compile a list
> of set[gu]id files and track them back to which port they came from. We
> can then prioritize this list in terms of potential severity.

Satoshi - is there any way that your ports-building engines can help us
here by (say) spitting out some "ls -laR" lists automatically? We'll then
grep them for s[gu]id bits and do the rest.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
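
Added example (not part of the original message, and not code from the FreeBSD project): one way to do the "grep them for s[gu]id bits" step on an "ls -laR" listing while keeping track of which directory each file sits in. The function names and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: report set[ug]id regular files found in "ls -laR" output.
# Output: <kind> TAB <owner>:<group> TAB <path>

find_setid() {
    awk '
        # A long-format entry starts with a 10-character mode string.
        function is_entry(s) {
            return s ~ /^[-bcdlps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]/
        }
        BEGIN { dir = "." }   # the first directory may have no header
        # "ls -R" directory header such as "./bin:"; remember the directory.
        /:$/ && !is_entry($0) { dir = substr($0, 1, length($0) - 1); next }
        # Regular files only: a setgid bit on a directory means something else.
        /^-/ && is_entry($0) && NF >= 9 {
            u = (substr($1, 4, 1) ~ /[sS]/)   # owner-execute slot
            g = (substr($1, 7, 1) ~ /[sS]/)   # group-execute slot
            if (!u && !g) next
            # Fields 9..NF are the name (runs of spaces collapse to one).
            name = $9
            for (i = 10; i <= NF; i++) name = name " " $i
            kind = (u && g) ? "setuid+setgid" : (u ? "setuid" : "setgid")
            printf "%s\t%s:%s\t%s/%s\n", kind, $3, $4, dir, name
        }
    '
}

# Constructed sample listing (hypothetical file names), not real port data.
sample_listing() {
    cat <<'EOF'
total 8
drwxr-xr-x  4 root  wheel    512 Dec  1 22:00 .
drwxr-sr-x  2 root  wheel    512 Dec  1 22:00 sbin

./bin:
total 120
-r-xr-xr-x  1 root  wheel  20480 Dec  1 22:00 plaintool
-r-sr-xr-x  1 root  wheel  40960 Dec  1 22:00 examplemail
-r-xr-sr-x  1 root  games  81920 Dec  1 22:00 examplegame
-rw-r--r--  1 root  wheel     12 Dec  1 22:00 notes:

./sbin:
total 16
-r-sr-sr-x  1 root  kmem    8192 Dec  1 22:00 my tool
EOF
}

sample_listing | find_setid
```

On a real listing the same function reads from a pipe or a saved file, for example the output of "ls -laR" run over the install prefix; a plain grep on the mode column would lose the directory that each match belongs to.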