cvs commit: ports/security/portaudit-db/database portaudit.txt portaudit.xlist portaudit.xml
Tom Rhodes
trhodes at FreeBSD.org
Tue Aug 17 12:36:04 PDT 2004
On Tue, 17 Aug 2004 21:32:05 +0200
Oliver Eikemeier <eikemeier at fillmore-labs.com> wrote:
> Pete Fritchman wrote:
>
> > Perhaps you could use CVS revision IDs (with 'ident'). For example,
> >
> > /usr/bin/passwd:
> > $FreeBSD: src/usr.bin/passwd/passwd.c,v 1.16.2.1 2001/03/12 10:48:08 assar Exp $
> > $FreeBSD: src/usr.sbin/pwd_mkdb/pw_scan.c,v 1.14.2.2 2004/02/22 11:28:06 charnier Exp $
> > $FreeBSD: src/usr.sbin/vipw/pw_util.c,v 1.17.2.4 2002/09/04 15:28:10 des Exp $
> > $FreeBSD: src/libexec/ypxfr/ypxfr_misc.c,v 1.9.2.2 2002/02/15 00:46:54 des Exp $
> > $FreeBSD: src/include/rpcsvc/yp.x,v 1.12 1999/08/27 23:45:12 peter Exp $
> > $FreeBSD: src/include/rpcsvc/yppasswd.x,v 1.6 1999/08/27 23:45:12 peter Exp $
> > $FreeBSD: src/usr.sbin/rpc.yppasswdd/yppasswd_private.x,v 1.6 1999/08/28 01:19:41 peter Exp $
> > $FreeBSD: src/usr.sbin/rpc.yppasswdd/yppasswd_private.x,v 1.6 1999/08/28 01:19:41 peter Exp $
> >
> > If a security bug was fixed in passwd.c 1.16.3.1, you could point out
> > that I'm vulnerable. Most of the security advisories include the
> > revision that things were fixed in, so this shouldn't be too hard.
>
> Jacques doesn't seem to like this: "Aaaaaahh!". I don't really care,
> ident(1) is fine for me, and it seems like this is the only reliable
> indication. OTOH you'll need a couple of references (file, list of
> FreeBSD versions). Doable, so when no other ideas pop up we should do
> this.
Yea, I already mentioned this. We could also stat the UPDATING
file for the entry? Perhaps some kind of string could be checked
with grep or something.
--
Tom Rhodes
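
The ident(1) approach discussed in this thread, sketched as an added example that is not part of the original messages or of portaudit: it parses `$FreeBSD$` keywords from ident(1) output and compares each revision with the first fixed revision on the same CVS branch. The ident lines reuse values quoted above; the `FIXED_IN` table and its revisions are constructed, and treating only same-branch revisions as comparable is an assumption of this sketch.

```python
import re

# Matches an expanded $FreeBSD$ keyword as printed by ident(1): path, then revision.
IDENT_RE = re.compile(r"\$FreeBSD: (\S+),v (\d+(?:\.\d+)+) ")

# Constructed sample of ident(1) output, using revisions quoted in the thread.
SAMPLE_IDENT = """\
/usr/bin/passwd:
     $FreeBSD: src/usr.bin/passwd/passwd.c,v 1.16.2.1 2001/03/12 10:48:08 assar Exp $
     $FreeBSD: src/usr.sbin/vipw/pw_util.c,v 1.17.2.4 2002/09/04 15:28:10 des Exp $
     $FreeBSD: src/include/rpcsvc/yp.x,v 1.12 1999/08/27 23:45:12 peter Exp $
"""

# Constructed (hypothetical) advisory data: file -> first fixed revision per branch.
FIXED_IN = {
    "src/usr.bin/passwd/passwd.c": ["1.16.2.2", "1.20"],
    "src/usr.sbin/vipw/pw_util.c": ["1.17.2.3"],
    "src/include/rpcsvc/yp.x": ["1.12.2.1"],
}


def parse_rev(rev):
    """'1.16.2.1' -> (1, 16, 2, 1)."""
    return tuple(int(part) for part in rev.split("."))


def parse_ident(text):
    """Map each source path found in ident(1) output to its revision tuple."""
    return {path: parse_rev(rev) for path, rev in IDENT_RE.findall(text)}


def status(installed, fixed_revs):
    """Compare against the fix on the same branch (all components but the last)."""
    for fixed in map(parse_rev, fixed_revs):
        if fixed[:-1] == installed[:-1]:
            return "fixed" if installed[-1] >= fixed[-1] else "vulnerable"
    # No fix is recorded for this branch, so the revision alone decides nothing.
    return "unknown"


def audit(ident_text, fixed_in):
    found = parse_ident(ident_text)
    return {p: status(r, fixed_in[p]) for p, r in found.items() if p in fixed_in}


if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_IDENT, FIXED_IN).items():
        print(f"{verdict:10} {path}")
```

The "unknown" result is why the advisory data needs one fixed revision per affected branch, the "couple of references" mentioned in the quoted reply.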
More information about the freebsd-vuxml
mailing list