summaryrefslogtreecommitdiff
path: root/security/audit-packages/files
diff options
context:
space:
mode:
Diffstat (limited to 'security/audit-packages/files')
-rw-r--r--security/audit-packages/files/audit-packages.8161
1 files changed, 161 insertions, 0 deletions
diff --git a/security/audit-packages/files/audit-packages.8 b/security/audit-packages/files/audit-packages.8
new file mode 100644
index 00000000000..ddb6e235330
--- /dev/null
+++ b/security/audit-packages/files/audit-packages.8
@@ -0,0 +1,161 @@
+.\" $NetBSD: audit-packages.8,v 1.1 2003/06/12 06:59:31 wiz Exp $
+.Dd June 11, 2003
+.Os
+.Dt AUDIT-PACKAGES 8
+.Sh NAME
+.Nm audit-packages ,
+.Nm download-vulnerability-list
+.Nd show vulnerabilities in installed packages
+.Sh SYNOPSIS
+.Nm
+.Nm download-vulnerability-list
+.Sh DESCRIPTION
+The
+.Nm
+program compares the installed packages with the
+.Pa vulnerabilities
+file and reports any known security issues to standard output.
+This output contains the name and version of the package, the
+type of vulnerability, and an URL for further information for each
+vulnerable package.
+.Pp
+The
+.Nm download-vulnerability-list
+program downloads this file from
+.Pa ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities
+using
+.Xr @FETCH_CMD_SHORT@ 1 .
+This vulnerabilities file documents all known security issues in
+pkgsrc packages and is kept up-to-date by the
+.Nx
+packages team.
+.Pp
+Each line lists the package and vulnerable versions, the type of exploit,
+and an Internet address for further information.
+Commonly, the types of exploits listed are:
+.Bl -bullet -compact -offset indent
+.It
+cross-site-html
+.It
+cross-site-scripting
+.It
+denial-of-service
+.It
+file-permissions
+.It
+local-access
+.It
+local-code-execution
+.It
+local-file-read
+.It
+local-file-removal
+.It
+local-file-write
+.It
+local-root-file-view
+.It
+local-root-shell
+.It
+local-symlink-race
+.It
+local-user-file-view
+.It
+local-user-shell
+.It
+privacy-leak
+.It
+remote-code-execution
+.It
+remote-command-inject
+.It
+remote-file-creation
+.It
+remote-file-read
+.It
+remote-file-view
+.It
+remote-file-write
+.It
+remote-key-theft
+.It
+remote-root-access
+.It
+remote-root-shell
+.It
+remote-script-inject
+.It
+remote-server-admin
+.It
+remote-use-of-secret
+.It
+remote-user-access
+.It
+remote-user-file-view
+.It
+remote-user-shell
+.It
+unknown
+.It
+weak-authentication
+.It
+weak-encryption
+.It
+weak-ssl-authentication
+.El
+.Pp
+By default, the vulnerabilities file is stored in the
+.Pa @PKGVULNDIR@
+directory.
+This can be changed by defining the environment variable
+.Ev PKGVULNDIR
+to the directory containing the vulnerabilities file.
+.Sh ENVIRONMENT
+.Bl -tag -width PKGVULNDIR
+.It Ev PKGVULNDIR
+Specifies the directory containing the
+.Pa vulnerabilities
+file.
+.El
+.Sh FILES
+.Pa @PKGVULNDIR@/vulnerabilities
+.\" .Sh EXAMPLES
+.Sh EXAMPLES
+The
+.Nm download-vulnerability-list
+command can be run via
+.Xr cron 8
+to update the
+.Pa vulnerabilities
+daily.
+And
+.Nm
+can be run via
+.Xr cron 8
+(or with
+.Nx Ns 's
+.Pa /etc/security.local
+daily security script).
+.Sh SEE ALSO
+.Xr pkg_info 1 ,
+.Xr mk.conf 5 ,
+.Xr packages 7 ,
+.Pa @PKGSRCDIR@/mk/bsd.pkg.defaults.mk
+and
+.Rs
+.%T "Documentation on the NetBSD Package System"
+.Re
+.Pa @PKGSRCDIR@/Packages.txt
+.Sh HISTORY
+The
+.Nm
+and
+.Nm download-vulnerability-list
+commands were originally implemented and added to
+.Nx Ns 's
+pkgsrc by
+.An Alistair Crooks
+on September 19, 2000.
+The original idea came from Roland Dowdeswell and Bill Sommerfeld.
+.\" .Sh AUTHORS
+.\" .Sh SECURITY CONSIDERATIONS