Date: Sat, 16 Nov 2002 22:57:38 -0800
From: Alfred Perlstein <bright@mu.org>
To: ports@freebsd.org
Cc: knu@freebsd.org, kris@freebsd.org
Subject: ports security + portupgrade feature idea
Message-ID: <20021117065738.GG6882@elvis.mu.org>

I cc'd the two who I thought would most get a kick out of this
feature request, maybe you'll pity my ruby/make feebleness and
give this a shot? :)

There needs to be a port variable 'FORBIDDEN_VULNERABLE'.

The idea is that bsd.port.mk will define
FORBIDDEN?=${FORBIDDEN_VULNERABLE}.

The reasoning for this is so that programs like portupgrade can
warn the user if any installed package has become vulnerable and
possibly, with an additional option supplied to the upgrade program,
automatically remove all such vulnerable installed third-party
programs.

It may also be nice to have knobs like:
FORBIDDEN_VULNERABLE_LOCAL,
FORBIDDEN_VULNERABLE_REMOTE,
FORBIDDEN_VULNERABLE_TROJAN,
referring to the ability to exploit the program with a local account,
remote account, or tricking the user into opening a file using the
program.

There should likely be knobs to quiet FORBIDDEN_VULNERABLE_LOCAL and
FORBIDDEN_VULNERABLE_REMOTE for the cases where the administrator
knows that the machine is set up such that only trusted users can
log in or reach the machine via remote means.

--
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'
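The following is an added example, not part of the original message and not code from portupgrade or bsd.port.mk: a sketch of how an upgrade tool could read the proposed FORBIDDEN_VULNERABLE* variables from installed ports and apply the quieting knobs. The `quiet:` and `remove:` options, the "UNSPECIFIED" class label, and the sample ports are assumptions made for illustration.

```ruby
# Added illustration of the proposal; not portupgrade or bsd.port.mk code.
# FORBIDDEN_VULNERABLE* names come from the message; everything else is assumed.
CLASSES = %w[LOCAL REMOTE TROJAN].freeze

# Parse simple VAR=value / VAR?=value assignments from port Makefile text.
def parse_vars(makefile_text)
  makefile_text.each_line.with_object({}) do |line, vars|
    next unless line =~ /\A\s*([A-Z_]+)\s*\??=\s*(.*?)\s*\z/
    vars[$1] = $2
  end
end

# Return one port's findings as [class, reason] pairs.
# A bare FORBIDDEN_VULNERABLE is reported with the class "UNSPECIFIED".
def findings(vars)
  out = []
  out << ["UNSPECIFIED", vars["FORBIDDEN_VULNERABLE"]] if vars["FORBIDDEN_VULNERABLE"]
  CLASSES.each do |c|
    reason = vars["FORBIDDEN_VULNERABLE_#{c}"]
    out << [c, reason] if reason
  end
  out
end

# Decide what an upgrade tool would do with each installed port.
# quiet: classes the administrator silences; only LOCAL and REMOTE are
# honoured, since the message proposes quieting knobs for those two only.
# remove: the "additional option" that removes instead of warning.
def audit(installed, quiet: [], remove: false)
  quiet &= %w[LOCAL REMOTE]
  installed.each_with_object({}) do |(name, text), report|
    active = findings(parse_vars(text)).reject { |cls, _| quiet.include?(cls) }
    next if active.empty?
    report[name] = { action: remove ? :remove : :warn, findings: active }
  end
end

# Constructed sample data: four made-up installed ports.
INSTALLED = {
  "examplehttpd-1.0" => "PORTNAME=examplehttpd\nFORBIDDEN_VULNERABLE_REMOTE=remote buffer overflow\n",
  "exampleviewer-2.3" => "PORTNAME=exampleviewer\nFORBIDDEN_VULNERABLE_TROJAN=crafted file runs code\n",
  "exampletool-0.9" => "PORTNAME=exampletool\nFORBIDDEN_VULNERABLE_LOCAL=setuid helper flaw\n",
  "examplelib-4.1" => "PORTNAME=examplelib\n"
}.freeze

if __FILE__ == $PROGRAM_NAME
  audit(INSTALLED, quiet: %w[LOCAL]).each do |name, r|
    r[:findings].each { |cls, why| puts "#{r[:action]}: #{name} [#{cls}] #{why}" }
  end
end
```

A request to quiet TROJAN is ignored here, so a port flagged that way is always reported.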