[MacPorts] #69187: Updated from version 2.8.1 to 2.9 Crowdstrike alert from IT

MacPorts noreply at macports.org
Thu Jan 25 17:31:12 UTC 2024


#69187: Updated from version 2.8.1 to 2.9 Crowdstrike alert from IT
-------------------------+-------------------------------------------
  Reporter:  eraldtroja  |      Owner:  (none)
      Type:  defect      |     Status:  new
  Priority:  Normal      |  Milestone:
 Component:  base        |    Version:  2.9.0
Resolution:              |   Keywords:  crowdstrike alerts, data dump
      Port:              |
-------------------------+-------------------------------------------

Comment (by eraldtroja):

 Replying to [comment:1 jmroot]:
 > Selfupdate involves downloading the latest tarballs of MacPorts base and
 > the ports tree with rsync, then installing base if outdated, which is
 > essentially just a typical `./configure && make && make install`. I don't
 > know what Crowdstrike considers a "data dump" so it's hard to say what
 > might have triggered it. There was another ticket about Crowdstrike, where
 > it didn't like the installer script examining and updating the `macports`
 > unprivileged user account that we use for running builds: #66878

 Ok, where can I get some documentation on what are the exact system
 changes that `./configure && make && make install` brings onto the system
 in order to have IT consider it and perhaps bring it up with Crowdstrike
 to classify it as a false-positive?

 I practice very good cyber hygiene, so I am 100% confident that this is
 the only change that has triggered their alert.

 Thanks!

-- 
Ticket URL: <https://trac.macports.org/ticket/69187#comment:3>
MacPorts <https://www.macports.org/>
Ports system for macOS

