Date:      Thu, 5 Oct 2006 23:53:30 -0400
From:      "Matt Emmerton" <matt@gsicomp.on.ca>
To:        <freebsd-questions@freebsd.org>, "Alain Wolf" <wolf@k18.ch>
Subject:   Re: port php5 - what I am supposed to do here?
Message-ID:  <00aa01c6e8fa$fe19ce90$1200a8c0@gsicomp.on.ca>
References:  <eg4hu4$40i$1@sea.gmane.org>

> Hello List,
>
> Portaudit tells me about the "open_basedir Race Condition
> Vulnerability", OK.
>
> By reading the advisory on
> http://www.hardened-php.net/advisory_082006.132.html I can safely say
> this does not apply to our environment, we don't use open_basedir or
> safe_mode and Suhosin is planned anyway (after test).
>
> With a "portsnap fetch update" I get a new version php5-5.1.6_1 in my
> portstree, OK.
>
> But "portmanager -u" or even manually with "make install clean"
> everything fails with the following message:
>
> ===>  php5-5.1.6_1 has known vulnerabilities:
> => php -- open_basedir Race Condition Vulnerability.
>    Reference: <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
> => Please update your ports tree and try again.
> *** Error code 1
>
> So what to do now?

You've established that the security issue doesn't apply to your
environment.

1) Add "DISABLE_VULNERABILITIES=yes" to /etc/make.conf
2) Run "portupgrade -u" or "make install clean"

Regards,
--
Matt Emmerton
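
Added example, not part of the original message: the make.conf setting from the reply above, shown next to a form that limits the override to the one port whose advisory has been reviewed. The port origin lang/php5 and the /usr/ports location are assumptions.

```make
# /etc/make.conf
#
# Broad form from the reply above: once this line is present, the
# portaudit check is skipped for every port built on this host, until
# someone remembers to remove it.
#DISABLE_VULNERABILITIES=yes

# Scoped form: skip the check only while make(1) is running inside the
# php5 port directory. lang/php5 is the assumed port origin; adjust it
# if your tree differs.
.if ${.CURDIR:M*/lang/php5}
DISABLE_VULNERABILITIES=yes
.endif

# One-off alternative that leaves make.conf untouched
# (/usr/ports is the assumed ports tree location):
#   cd /usr/ports/lang/php5 && make -DDISABLE_VULNERABILITIES install clean
```

Remove the scoped block once a fixed php5 version reaches the ports tree, so the audit check applies to that port again.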



