* On 2014-10-22 at 06:48 PDT, Joe Malcolm wrote:

> Jonathan Perkin via smartos-discuss writes:
> >* On 2014-10-20 at 16:53 PDT, Joe Malcolm via smartos-discuss wrote:
> >
> >> Is there a way using pkgin to check packages against the pkgsrc
> >> vulnerabilities list?
> >>
> >> ftp://ftp.netbsd.org/pub/pkgsrc/distfiles/vulnerabilities
> >
> >No, it's pkg_admin(1)'s job to do that. The normal usage is:
> >
> >  # Download latest vulnerabilities file
> >  $ pkg_admin fetch-pkg-vulnerabilities
> >
> >  # Show current vulnerabilities in installed packages
> >  $ pkg_admin audit
>
> Thank you! Is it the case that images with preinstalled packages will
> have the necessary pkg metadata for this to work?

It's a core part of the packaging tools, so any machine where pkgsrc
packages are installed will include it.

> Also - is there any equivalent for unpackaged things in an image?
> E.g., /bin/bash comes to mind.

No, the platform is not packaged so this would be difficult. However
the platform engineers do a fantastic job at quickly fixing any
vulnerabilities in the platform, and there is a lot less software
installed compared to what is available through pkgsrc, so usually
upgrading to the latest SmartOS will suffice.

> >> This file does not seem to be in the github joyent pkgsrc repository,
> >> which may or may not be relevant.
> >
> >It is distributed outside of pkgsrc deliberately, so that it can
> >easily be updated and downloaded independently across branches.
>
> OK. One more question - if a fix is applied to a specific package
> branch (e.g., the bash thing), does that rev the package version in
> some way that it will no longer be flagged by pkg_admin audit?

Yes, either by upgrading to a new upstream version or by patching the
existing one and bumping the 'nb' package revision. The vulnerabilities
file lists exact versions which are vulnerable, so either method will
prevent the fixed package from showing up.

-- 
Jonathan Perkin  -  Joyent, Inc.  -  www.joyent.com
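
Added example, not part of the original message and not pkg_admin's own code: a simplified Python matcher showing why bumping the 'nb' revision stops a patched package from being flagged. It assumes numeric dotted versions with an optional `nbN` suffix and `<`, `<=`, `>`, `>=` bounds only; the sample entries, versions and URLs are constructed placeholders.

```python
import re

# Constructed sample in the file's three-column layout (pattern, type, URL).
# Versions and URLs are placeholders, not real advisories.
SAMPLE_VULNS = """\
# package        type of exploit        URL
bash<4.3.024nb1  remote-code-execution  https://example.invalid/advisory-1
foo>=1.2<1.2.5   denial-of-service      https://example.invalid/advisory-2
"""

OPS = {"<": lambda c: c < 0, "<=": lambda c: c <= 0,
       ">": lambda c: c > 0, ">=": lambda c: c >= 0}

def parse_version(v):
    """'4.3.024nb1' -> ((4, 3, 24), 1); numeric dotted versions only."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:nb(\d+))?", v)
    if not m:
        raise ValueError(f"unsupported version syntax: {v}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)

def compare(a, b):
    """Return -1, 0 or 1; the 'nb' revision only breaks ties."""
    (va, na), (vb, nb) = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    ka = va + (0,) * (width - len(va)) + (na,)
    kb = vb + (0,) * (width - len(vb)) + (nb,)
    return (ka > kb) - (ka < kb)

def load(text):
    """Parse entries, skipping comments and patterns without a version bound."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[0].startswith("#"):
            continue
        pattern, kind, url = fields
        name = re.match(r"[^<>=]*", pattern).group(0)
        limits = re.findall(r"(<=|>=|<|>)([^<>=]+)", pattern[len(name):])
        if name and limits:
            entries.append((name, limits, kind, url))
    return entries

def audit(installed, entries):
    """Return (package, type, url) for each installed package an entry matches."""
    hits = []
    for pkg in installed:
        name, version = pkg.rsplit("-", 1)
        for ename, limits, kind, url in entries:
            if ename == name and all(OPS[op](compare(version, lim)) for op, lim in limits):
                hits.append((pkg, kind, url))
    return hits
```

With the constructed entry `bash<4.3.024nb1`, `bash-4.3.024` is reported while the patched `bash-4.3.024nb1` and the newer upstream `bash-4.3.025` are not.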
