Reported version numbers of base openssl and sshd
Dag-Erling Smørgrav
des at des.no
Wed Oct 5 06:28:51 UTC 2016
"Roger Eddins" <roger at purplecat.net> writes:
> Question: Could version number obfuscation be added to openssl and sshd or
> have the proper relative patch version number reported from the binaries in
> the base system?
>
> Reasoning: PCI compliance is becoming an extreme problem due to scanning
> false positives from certain vendors and a big time waster with older
> FreeBSD releases reporting the original base version number even after patch
> updates.
I've been asked this before. My answer was that either the tools or the
people wielding them are deficient, and I haven't changed my mind.
How do they handle RHEL?
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-hackers mailing list