From owner-freebsd-ports Thu Aug 8 11: 0:12 2002 Delivered-To: freebsd-ports@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A02E937B400 for ; Thu, 8 Aug 2002 11:00:04 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0A7D643E65 for ; Thu, 8 Aug 2002 11:00:04 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g78I03JU079234 for ; Thu, 8 Aug 2002 11:00:03 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g78I03EL079233; Thu, 8 Aug 2002 11:00:03 -0700 (PDT) Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B4B6F37B400 for ; Thu, 8 Aug 2002 10:51:35 -0700 (PDT) Received: from joshe.dyndns.org (adsl-141-154-84-124.ba-dsg.net [141.154.84.124]) by mx1.FreeBSD.org (Postfix) with ESMTP id 307AA43E6A for ; Thu, 8 Aug 2002 10:51:35 -0700 (PDT) (envelope-from joshe@joshe.dyndns.org) Received: by joshe.dyndns.org (Postfix, from userid 1000) id E75021477C0; Thu, 8 Aug 2002 13:51:33 -0400 (EDT) Message-Id: <20020808175133.E75021477C0@joshe.dyndns.org> Date: Thu, 8 Aug 2002 13:51:33 -0400 (EDT) From: Josh Elsasser To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: ports/41454: [MAINTAINER-UPDATE] www/cgiwrap: disable debug scripts by default Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 41454 >Category: ports >Synopsis: [MAINTAINER-UPDATE] www/cgiwrap: disable debug scripts by default >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu Aug 08 11:00:03 PDT 2002 >Closed-Date: >Last-Modified: >Originator: Josh Elsasser >Release: FreeBSD 4.6-STABLE i386 >Organization: >Environment: System: FreeBSD jade.nat 4.6-STABLE FreeBSD 4.6-STABLE #1: Wed Aug 7 23:07:11 EDT 2002 joshe@jade.nat:/usr/obj/usr/src/sys/JADE i386 >Description: The debug scripts cgiwrapd and nph-cgiwrapd give away much information about the CGI environment. >How-To-Repeat: >Fix: Installs cgiwrapd/nph-cgiwrapd as a separate binary and removes suid and execute permissions. A note is added to pkg-message explaining how to enable cgiwrapd/nph-cgiwrapd. This fix was suggested by Neil Darlow . --- Makefile.orig Mon Aug 5 13:28:44 2002 +++ Makefile Thu Aug 8 13:01:42 2002 @@ -51,7 +51,11 @@ @${MKDIR} ${MAINCGIDIR} post-install: - strip ${MAINCGIDIR}/cgiwrap + ${STRIP_CMD} ${MAINCGIDIR}/cgiwrap + ${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd + ${CP} ${MAINCGIDIR}/cgiwrap ${MAINCGIDIR}/cgiwrapd + ${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd + ${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for file in accesscontrol.html afs.html changes.html comments.html \ --- pkg-message.orig Mon Aug 5 13:28:44 2002 +++ pkg-message Thu Aug 8 13:12:04 2002 @@ -9,6 +9,10 @@ ${PREFIX}/www/cgi-bin ...the default location for Apache's cgi-bin directory. +The cgiwrapd and nph-cgiwrapd scripts are disabled by default, as they +may give away sensitive information about the CGI environment. To +enable them, you must chmod 4755 ${PREFIX}/www/cgi-bin/cgiwrapd + Access control enabled, you must create either ${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before cgiwrap will function. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message