Date: Tue, 24 Apr 2001 12:35:17 -0700 From: Kris Kennaway <kris@obsecurity.org> To: "Bruce A. Mah" <bmah@FreeBSD.ORG> Cc: Kris Kennaway <kris@obsecurity.org>, Sean Chittenden <sean@chittenden.org>, Calvin NG <calvinng@brel.com>, Sean Chittenden <sean-freebsd-stable@chittenden.org>, Jeff Kletsky <Jeff+freebsd@wagsky.com>, freebsd-stable@FreeBSD.ORG Subject: Re: pkg_version perl hacker project Message-ID: <20010424123517.A90547@xor.obsecurity.org> In-Reply-To: <200104241907.f3OJ7u103414@bmah-freebsd-0.cisco.com>; from bmah@FreeBSD.ORG on Tue, Apr 24, 2001 at 12:07:56PM -0700 References: <Pine.BSF.4.21.0104230806060.27435-100000@wildside.wagsky.com> <20010423231827.A19530@rand.tgd.net> <20010424142340.E5216@brel.com> <20010424014833.B19530@rand.tgd.net> <20010424120052.H89156@xor.obsecurity.org> <200104241907.f3OJ7u103414@bmah-freebsd-0.cisco.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--7JfCtLOvnd9MIVvH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 24, 2001 at 12:07:56PM -0700, Bruce A. Mah wrote: > If memory serves me right, Kris Kennaway wrote: >=20 > Couple o' random thoughts, don't have time to look into this myself... >=20 > > This could be done as an extension to pkg_version, since much of the > > code you will need to manage versions is already there, and it's a > > logical extension of that program's function. >=20 > Or you can use pkg_version's -t flag to help with the comparisons if=20 > you think running as a separate script is better. >=20 > > NetBSD have a port called audit-packages which does something similar, > > but not quite the same as the above (last I checked) -- it might still > > be useful as a starting point. >=20 > Think about where to put the parsed set of vulnerable packages. It=20 > might live under /usr/ports or reside somewhere on the network. Use=20 > fetch(1) to grab it from there, like pkg_version does for the INDEX=20 > file. The advisories live in a well-known place (ftp://ftp.freebsd.org/pub/CERT/advisories): an algorithm might be to check the directory for any new files, and mirror them locally to e.g. /var/db/advisories to save on bandwidth the next time the script is ru= n. The script can also display chunks of the advisory to describe the details of a vulnerability it finds. Kris --7JfCtLOvnd9MIVvH Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE65dV1Wry0BWjoQKURAnd9AKD1qALB5TvjPuP0+w++H4XxpXltPQCgqFQP ih0GN0aA5/yB/XOp5bcuI3A= =Hk8i -----END PGP SIGNATURE----- --7JfCtLOvnd9MIVvH-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010424123517.A90547>