Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 06 Oct 2006 10:26:25 +0100
From:      Alex Zbyslaw <>
To:        Matt Emmerton <>, Alain Wolf <>
Subject:   Re: port php5 - what I am supposed to do here?
Message-ID:  <>
In-Reply-To: <00aa01c6e8fa$fe19ce90$>
References:  <eg4hu4$40i$> <00aa01c6e8fa$fe19ce90$>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Matt Emmerton wrote:

>>Hello List,
>>Portuadit telles my about the "open_basedir Race Condition
>>Vulnerability", OK.
>>By reading the advisory on
>> I can safely say
>>this does not apply to our environment, we don't use open_basedir or
>>safe_mode and Suhosin is planned anyway (after test).
>>So what to do now?
>You've established that the security issue doesn't apply to your
>1) Add "DISABLE_VULNERABILITIES=yes" to /etc/make.conf
>2) Run "portupgrade -u" or "make install clean"
By doing this you have disabled vulnerability checking for *all* ports 
which seems a little extreme.  Either add the flag to pkgtools.conf (for 
portupgrade (and portmanager?)) or use it from the command line with make.


Want to link to this message? Use this URL: <>