ports/59905: The echoping port is wrongly flagged (security alert)
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Dec 2 16:30:29 UTC 2003
>Number: 59905
>Category: ports
>Synopsis: The echoping port is wrongly flagged (security alert)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Dec 02 08:30:24 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Stephane Bortzmeyer
>Release: FreeBSD 5.1-RELEASE i386
>Organization:
AFNICN
>Environment:
System: FreeBSD fetiche.sources.org 5.1-RELEASE FreeBSD 5.1-RELEASE #0: Thu Jun 5 02:55:42 GMT 2003 root at wv1u.btc.adaptec.com:/usr/obj/usr/src/sys/GENERIC i386
>Description:
When installling the echoping port, it says:
===> SECURITY REPORT: This port has installed the following files
which may act as network servers and may therefore pose a remote
security risk to the system.
/usr/local/bin/echoping
If there are vulnerabilities in these programs there may be a
security risk to the system. FreeBSD makes no guarantee about the
security of ports included in the Ports Collection. Please type 'make
deinstall' to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
http://echoping.sourceforge.net/
But echoping is *not* a network server and never was. I wonder where
does this strange alert comes from. IMHO, since echoping:
* is not and cannot be a network server,
* is never setuid or set gid,
it should not generate a security report.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list