From: Mel
To: freebsd-questions@freebsd.org
Cc: tethys ocean
Date: Wed, 16 Jul 2008 20:51:30 +0200
Subject: Re: vulnerabilities and installation options

On Wednesday 16 July 2008 19:58:22 tethys ocean wrote:

> Verifying install for /usr/local/lib/php/20060613/posix.so in
> /usr/ports/sysutils/php5-posix
> ===> php5-posix-5.2.6 has known vulnerabilities:
> => php -- input validation error in posix_access function.
> Reference: <http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849.html>

Yeah, this is a pretty bogus 'vulnerability', since no sane person uses safe_mode.
For the time being, I've added the following to /etc/make.conf, but I'm looking to see if I can come up with a patch for the ports system that allows you to specify vuln id's you want to ignore.

.if !empty(.CURDIR:M*sysutils/php5-posix*)
DISABLE_VULNERABILITIES=yes
.endif

--
Mel

Problem with today's modular software: they start with the modules and never get to the software part.
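
Added example (not part of the message above, and not ports-system code): the per-id ignore list the reply asks for, sketched as a filter over notices in the format quoted above, so that one accepted id is suppressed while any other finding for the same port still surfaces. The function names are hypothetical, and the second sample entry (package name and all-zero id) is a constructed placeholder.

```shell
#!/bin/sh
# Constructed sample input in the notice format quoted in the message.
# The first entry is the one from the message; the second is a placeholder.
sample_notices() {
cat <<'EOF'
===> php5-posix-5.2.6 has known vulnerabilities:
=> php -- input validation error in posix_access function.
   Reference: <http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849.html>
===> example-pkg-1.0 has known vulnerabilities:
=> example -- constructed placeholder entry.
   Reference: <http://www.FreeBSD.org/ports/portaudit/00000000-0000-0000-0000-000000000000.html>
EOF
}

# unignored_vulns IGNORE_IDS   (hypothetical helper)
# Reads notices on stdin and prints "package<TAB>id<TAB>description" for every
# entry whose id is not in the space-separated IGNORE_IDS list.
# Exit status is 1 if any entry remains, 0 if all were on the ignore list.
unignored_vulns() {
    awk -v ignore="$1" '
        BEGIN {
            n = split(ignore, a, " ")
            for (i = 1; i <= n; i++) skip[tolower(a[i])] = 1
        }
        /^===> .* has known vulnerabilities:/ { pkg = $2; next }
        /^=> /                                { desc = substr($0, 4); next }
        /Reference: </ {
            id = $0
            sub(/.*\//, "", id)        # drop everything up to the last slash
            sub(/\.html>.*/, "", id)   # drop the trailing ".html>"
            id = tolower(id)
            if (!(id in skip)) { print pkg "\t" id "\t" desc; left++ }
        }
        END { exit (left > 0) }
    '
}

# Ignore only the posix_access entry; the placeholder entry is still reported.
sample_notices | unignored_vulns "ee6fa2bd-406a-11dd-936a-0015af872849" \
    || echo "entries listed above are not on the ignore list" >&2
```

Unlike the blanket DISABLE_VULNERABILITIES=yes for the port, an id-based list does not hide entries published later for the same package.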