Sunday, May 16, 2004

Disabling Vulnerability Checks with Portaudit

Last month I described the security/portaudit tool, which checks for vulnerable ports and prevents their installation. Sometimes it's reasonable to install a port that has a vulnerability, if the risk is acceptable. For example, the databases/mysql-client port currently reports a security problem when I try to install it:

neely:/usr/ports/databases/mysql40-client$ make
===> mysql-client-4.0.18_1 has known vulnerabilities:
>> MySQL insecure temporary file creation (mysqlbug).
Reference:

>> Please update your ports tree and try again.

This is a minor problem affecting only the 'mysqlbug' script, not core MySQL client functionality. We may not see a fix in the MySQL distribution until 4.0.19.

Thanks to Michael Nottebrock, I learned how to install a port with a vulnerability:

neely:/usr/ports/databases/mysql40-client$ make -DDISABLE_VULNERABILITIES
===> Vulnerability check disabled
>> mysql-4.0.18.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
...truncated...

Use make -DDISABLE_VULNERABILITIES with care!
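One way to apply that care is to bypass the check only when every reported vulnerability is already on a written list of accepted risks. The script below is an added example, not part of the original post or of portaudit: the function names and the accepted-risk file (one exact description per line) are assumptions, and the sample output is constructed from the message format shown above.

```shell
#!/bin/sh
# Print each vulnerability description from make output read on stdin.
# Only ">> " lines between the "has known vulnerabilities:" header and the
# ">> Please update your ports tree" hint are treated as descriptions.
list_vulns() {
    awk '
        / has known vulnerabilities:/       { in_report = 1; next }
        /^>> Please update your ports tree/ { in_report = 0; next }
        in_report && /^>> /                 { sub(/^>> /, ""); print }
    '
}

# Read make output on stdin; $1 is the accepted-risk file (hypothetical).
# Prints the flag to pass to make, or nothing if no vulnerability was reported.
# Returns 1 and prints no flag if any reported item has not been accepted.
vuln_flag() {
    accepted_file=$1
    vulns=$(list_vulns)
    if [ -z "$vulns" ]; then
        return 0                    # nothing reported: plain make is enough
    fi
    # Keep only descriptions with no exact, whole-line match in the file.
    unaccepted=$(printf '%s\n' "$vulns" | grep -Fxv -f "$accepted_file" || true)
    if [ -n "$unaccepted" ]; then
        printf '%s\n' "$unaccepted" | sed 's/^/not accepted: /' >&2
        return 1
    fi
    echo "-DDISABLE_VULNERABILITIES"
}

# Constructed sample input, copied from the check output quoted in this post.
SAMPLE_OUTPUT='===> mysql-client-4.0.18_1 has known vulnerabilities:
>> MySQL insecure temporary file creation (mysqlbug).
Reference:

>> Please update your ports tree and try again.'

# Demo: record the accepted risk, then ask which make invocation is allowed.
accepted=$(mktemp)
echo 'MySQL insecure temporary file creation (mysqlbug).' > "$accepted"
if flag=$(printf '%s\n' "$SAMPLE_OUTPUT" | vuln_flag "$accepted"); then
    echo "make $flag"
fi
rm -f "$accepted"
```

Because the match is on the exact description, a new vulnerability reported against the same port later is refused until it is reviewed and added to the file.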
