Date: Fri, 15 Dec 2000 20:09:57 -0800
From: Kris Kennaway
To: Some Person
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Security Update Tool..
Message-ID: <20001215200957.A10030@citusc.usc.edu>

On Sat, Dec 16, 2000 at 12:16:29AM +0000, Some Person wrote:

> My question is, is there a util yet that in theory (maybe if so, or if
> someone writes one would work differently than what I'm imagining) queries a
> central database with all the security advisories, checks the local system
> for comparisons and vulnerabilities against that database and reports to the
> user who ran the util.

Not at present - I was talking to someone a few months ago about doing
exactly this: the existing security advisories we publish contain all
of the information you need to implement such a thing (at least for
ports), although we'd probably need to structure them more rigidly so
they can be machine-parsed.
However nothing concrete has materialised yet, so there's still plenty
of room for interested contributors to step up and help :-)

Note that identification of vulnerabilities is different from
automated correction of vulnerabilities - in order to do that it needs
some fairly complicated infrastructure in the ports system to upgrade
ports/packages and handle dependencies etc.

Not that I want to dissuade anyone from working on this very worthy
project :-)

Kris