Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 06 Oct 2006 10:26:25 +0100
From:      Alex Zbyslaw <xfb52@dial.pipex.com>
To:        Matt Emmerton <matt@gsicomp.on.ca>, Alain Wolf <wolf@k18.ch>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: port php5 - what I am supposed to do here?
Message-ID:  <45262141.1080907@dial.pipex.com>
In-Reply-To: <00aa01c6e8fa$fe19ce90$1200a8c0@gsicomp.on.ca>
References:  <eg4hu4$40i$1@sea.gmane.org> <00aa01c6e8fa$fe19ce90$1200a8c0@gsicomp.on.ca>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Matt Emmerton wrote:

>>Hello List,
>>
>>Portuadit telles my about the "open_basedir Race Condition
>>Vulnerability", OK.
>>
>>By reading the advisory on
>>http://www.hardened-php.net/advisory_082006.132.html I can safely say
>>this does not apply to our environment, we don't use open_basedir or
>>safe_mode and Suhosin is planned anyway (after test).
>>    
>>
>>[...]
>>So what to do now?
>>    
>>
>
>You've established that the security issue doesn't apply to your
>environment.
>
>1) Add "DISABLE_VULNERABILITIES=yes" to /etc/make.conf
>2) Run "portupgrade -u" or "make install clean"
>
>  
>
By doing this you have disabled vulnerability checking for *all* ports 
which seems a little extreme.  Either add the flag to pkgtools.conf (for 
portupgrade (and portmanager?)) or use it from the command line with make.

--Alex





Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?45262141.1080907>