portaudit reports: how to exclude a specific vulnerability
Daniel Pittman
daniel at rimspace.net
Mon Oct 31 02:34:44 PST 2005
"Michael C. Shultz" <ringworm01 at gmail.com> writes:
> On Sunday 30 October 2005 22:45, you wrote:
G'day.
[...]
>> I can't work out how to tell portaudit to stop bothering me about
>> [a single] particular vulnerability, though.
>>
>> Can I ask it to exclude a vulnerability, or (ever better) a
>> vulnerability/package combination, from reports?
>
> I think this will do it, put it in /etc/make.conf
>
> .if ${.CURDIR:M*/security/p5-Crypt-OpenPGP}
> DISABLE_VULNERABILITIES="YES"
> .endif
Hrm. That doesn't exclude it from the command line tool, and a quick
check of the periodic/security file tells me that it won't work in the
periodic runs either.
Unfortunately, portaudit only seems to support the 'portaudit_fixed'
system for marking a problem in the core OS fixed, not for individual
versions.
More searching also shows a comment from the author(s) to the effect
that this would be easy to extend to non-core packages, but that has not
been done yet.
Ah, well. Either a local patch, or I just cope with the problem, I
guess.
Daniel
More information about the freebsd-questions
mailing list