| Field | Value |
|---|---|
| Summary | ports-mgmt/pkg: local overrides for pkg audit |
| Product | Ports & Packages |
| Component | Individual Port(s) |
| Status | In Progress |
| Severity | Affects Only Me |
| Priority | Normal |
| Version | Latest |
| Hardware | Any |
| OS | Any |
| Reporter | Garrett Wollman <wollman> |
| Assignee | Baptiste Daroussin <bapt> |
| CC | bapt, w.schwarzenfeld, zingelman |
| Attachments | 174064: Patch to allow sysadmin to list vuxml entries to ignore |
Description
Garrett Wollman
2014-02-05 21:10:00 UTC
Responsible Changed From-To: freebsd-ports-bugs->portmgr
Over to maintainer.

Sorry for the delay.

I do like this idea, and if someone contributes it I'll be happy; unfortunately for now I have no time to work on it.

Created attachment 174064 [details]
Patch to allow sysadmin to list vuxml entries to ignore

Attached is a simple patch to add back this functionality.

Thanks, I will look into it as soon as I find enough free time. I would prefer not to use the old portaudit.conf configuration file, but have this within the pkg config file through something like:

```
audit_ignore: [
    { name: "ruby" },                     # ignore all ruby vuln
    { name: "ruby", version: "1.2.4_7" }  # ignore ruby 1.2.4_7 like
]
```

That would allow getting some magical override like:

```
.include(glob=true) "/usr/local/etc/audit/*.conf"
```

where each ignore can be a single file (very helpful to populate via automation tools).

(In reply to Baptiste Daroussin from comment #4)

However, it's really necessary to be able to ignore specific vulnids, not just all vulns for a package. If I've examined a disclosure and determined it doesn't present an issue (e.g., the current set of zone-transfer "vulns" issued against all authoritative nameserver implementations but which only affect the tiny fraction of operators who provide slave service for untrusted zones), I still need to find out about *other* vulns against the same package.

Yup, I forgot to mention we could do

```
audit_ignore: [ { uuid: XXXXX } ]
```

the same way.

Is this still relevant?

Yes, it is still relevant.
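The following is an added illustration of the override semantics discussed in this thread (Baptiste's `audit_ignore` list with `name` / `name`+`version` entries and glob-included per-file rules, plus Garrett's point that ignoring one `uuid` must not hide other vulnerabilities in the same package). It is not pkg's code and not the attached patch. Assumptions: rule files are plain JSON (pkg.conf is UCL, of which JSON is a subset, so the same objects would be valid there), a finding is a dict with `pkgname`, `version` and `uuid`, version matching is an exact string comparison, and the sample findings, rule files and uuids are constructed placeholders rather than real VuXML entries.

```python
"""Sketch of per-package, per-version and per-vulnid ignore rules for a
pkg-audit-style report.  Written for this page; not code from pkg.

Assumptions (see lead-in): JSON rule files, exact-string version match,
findings as dicts with "pkgname", "version", "uuid".
"""

import glob
import json
import os
import tempfile


def load_ignore_rules(pattern):
    """Collect audit_ignore rules from every file matching a glob, which is
    the effect of the proposed `.include(glob=true)` directive."""
    rules = []
    for path in sorted(glob.glob(pattern)):
        with open(path) as fh:
            rules.extend(json.load(fh).get("audit_ignore", []))
    return rules


def rule_matches(rule, finding):
    """Return True if an ignore rule suppresses a finding.

    {uuid: X}               ignores exactly that entry, whatever the package
    {name: N}               ignores every vulnerability reported against N
    {name: N, version: V}   ignores vulnerabilities against N only at version V
    A rule with none of these keys is malformed and never suppresses anything,
    so a typo in a rule file fails towards reporting rather than silence.
    """
    if "uuid" in rule:
        return rule["uuid"] == finding["uuid"]
    if "name" in rule:
        if rule["name"] != finding["pkgname"]:
            return False
        if "version" in rule:
            return rule["version"] == finding["version"]
        return True
    return False


def apply_overrides(findings, rules):
    """Split findings into (reported, suppressed) lists, preserving order."""
    reported, suppressed = [], []
    for f in findings:
        bucket = suppressed if any(rule_matches(r, f) for r in rules) else reported
        bucket.append(f)
    return reported, suppressed


# Constructed sample findings; the uuids are placeholders, not real VuXML ids.
SAMPLE_FINDINGS = [
    {"pkgname": "ruby", "version": "1.2.4_7", "uuid": "vuln-ruby-old"},
    {"pkgname": "ruby", "version": "2.0.0", "uuid": "vuln-ruby-new"},
    {"pkgname": "bind99", "version": "9.9.1", "uuid": "vuln-bind-axfr"},
    {"pkgname": "bind99", "version": "9.9.1", "uuid": "vuln-bind-other"},
    {"pkgname": "openssl", "version": "1.0.1", "uuid": "vuln-openssl"},
]

# Constructed per-file rules, one file per decision, as an automation tool
# might drop them into a directory like /usr/local/etc/audit/.
SAMPLE_RULE_FILES = {
    "ruby.conf": {"audit_ignore": [{"name": "ruby", "version": "1.2.4_7"}]},
    "bind.conf": {"audit_ignore": [{"uuid": "vuln-bind-axfr"}]},
    "openssl.conf": {"audit_ignore": [{"name": "openssl"}]},
}


def demo():
    """Write the sample rule files to a temp dir, load them via glob, apply
    them to the sample findings and return (reported uuids, suppressed uuids)."""
    with tempfile.TemporaryDirectory() as tmp:
        for fname, body in SAMPLE_RULE_FILES.items():
            with open(os.path.join(tmp, fname), "w") as fh:
                json.dump(body, fh)
        rules = load_ignore_rules(os.path.join(tmp, "*.conf"))
        reported, suppressed = apply_overrides(SAMPLE_FINDINGS, rules)
    return [f["uuid"] for f in reported], [f["uuid"] for f in suppressed]


if __name__ == "__main__":
    rep, sup = demo()
    print("reported:  ", rep)
    print("suppressed:", sup)
```

Running it shows the property Garrett asks for: the uuid rule in `bind.conf` silences only the zone-transfer entry, and the second bind99 finding is still reported, while the version-qualified ruby rule leaves the ruby 2.0.0 finding visible.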