cvsup and portupgrade
Alex Zbyslaw
xfb52 at dial.pipex.com
Sun Oct 8 09:11:50 PDT 2006
Zbigniew Szalbot wrote:
>
> On Sun, 8 Oct 2006, Armin Pirkovitsch wrote:
>
>> Well another cvsup won't solve the problem since php hasn't been patched
>> yet. However if you're really sure you need and want this kind of port
>> installed just set the environment variable DISABLE_VULNERABILITIES.
>> However - you should be aware that you'd install a program with a
>> security hole.
>
>
> You are right - it did not help. I do not so much want to install php
> with a security hole as much as I want to patch the hole. From the
> portaudit report I understood that I need to update immediately. And
> hence I am trying to do just that. But as a newbie, I guess I am
> making lots of mistakes on the way.

Portaudit produces alarmist messages for any and every security bug, and
the "advice" it gives to immediately de-install ports is frequently
over-the-top and often unachievable.

Follow the links you get from portaudit to read up about the specific
vulnerabilities to see how they might affect you and the machines you
run. Many vulnerabilities only occur in very specific circumstances or
with very particular option combinations or methods of use. Your usage
of any particular application may never go near the security hole.

If there are security holes you are worried about, then cvsup regularly
and keep an eye out for your package having an upgrade ("portversion -L="
and look for "<"). Or just look regularly for your port in
http://www.freebsd.org/ports/index.html and see when the version number
changes.

--Alex