[MacPorts] #69187: Updated from version 2.8.1 to 2.9 Crowdstrike alert from IT
MacPorts
noreply at macports.org
Thu Jan 25 17:31:12 UTC 2024
#69187: Updated from version 2.8.1 to 2.9 Crowdstrike alert from IT
-------------------------+-------------------------------------------
Reporter: eraldtroja | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: base | Version: 2.9.0
Resolution: | Keywords: crowdstrike alerts, data dump
Port: |
-------------------------+-------------------------------------------
Comment (by eraldtroja):
Replying to [comment:1 jmroot]:
> Selfupdate involves downloading the latest tarballs of MacPorts base and
> the ports tree with rsync, then installing base if outdated, which is
> essentially just a typical `./configure && make && make install`. I don't
> know what Crowdstrike considers a "data dump" so it's hard to say what
> might have triggered it. There was another ticket about Crowdstrike, where
> it didn't like the installer script examining and updating the `macports`
> unprivileged user account that we use for running builds: #66878

Ok, where can I get some documentation on what are the exact system
changes that `./configure && make && make install` brings onto the system
in order to have IT consider it and perhaps bring it up with Crowdstrike
to classify it as a false-positive?
I practice very good cyber hygiene, so I am 100% confident that this is
the only change that has triggered their alert.
Thanks!
--
Ticket URL: <https://trac.macports.org/ticket/69187#comment:3>
MacPorts <https://www.macports.org/>
Ports system for macOS