Date: Sat, 07 Oct 2006 03:34:30 +0200
From: Alain Wolf <wolf@k18.ch>
To: freebsd-questions@freebsd.org
Subject: Re: port php5 - what I am supposed to do here?
Message-ID: <eg7076$nvq$1@sea.gmane.org>
In-Reply-To: <45262141.1080907@dial.pipex.com>
References: <eg4hu4$40i$1@sea.gmane.org> <00aa01c6e8fa$fe19ce90$1200a8c0@gsicomp.on.ca> <45262141.1080907@dial.pipex.com>

On 06.10.2006 11:26, * Alex Zbyslaw wrote:
> Matt Emmerton wrote:
>
>>> Hello List,
>>>
>>> Portaudit tells me about the "open_basedir Race Condition
>>> Vulnerability", OK.
>>>
>>> By reading the advisory on
>>> http://www.hardened-php.net/advisory_082006.132.html I can safely say
>>> this does not apply to our environment, we don't use open_basedir or
>>> safe_mode and Suhosin is planned anyway (after test).
>>>
>>> [...]
>>> So what to do now?
>>>
>>
>> You've established that the security issue doesn't apply to your
>> environment.
>>
>> 1) Add "DISABLE_VULNERABILITIES=yes" to /etc/make.conf
>> 2) Run "portupgrade -u" or "make install clean"
>>
>>
>>
> By doing this you have disabled vulnerability checking for *all* ports
> which seems a little extreme. Either add the flag to pkgtools.conf (for
> portupgrade (and portmanager?)) or use it from the command line with make.
>
> --Alex

Thanks for the advice, as a matter of fact this came to my mind too, so
what I actually did in make.conf was:

...
# PHP 5 Port installation options
.if ${.CURDIR:M*/lang/php5*}
DISABLE_VULNERABILITIES=yes
.endif
...

Greetings
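
The difference between the global setting and the per-port block discussed in this thread can be checked mechanically. The following is an added example, not part of the original message or of the ports tools: the function names audit_make_conf and sample_conf are hypothetical, the sample input is constructed, and the script only tracks .if/.endif nesting without evaluating the conditions.

```shell
#!/bin/sh
# Added example (not from the original thread): report whether each
# DISABLE_VULNERABILITIES assignment in a make.conf-style file is global
# or enclosed in a conditional such as the .CURDIR match used for lang/php5.

# audit_make_conf [FILE...]   (reads stdin when no file is given)
# Output, one line per active assignment:
#   GLOBAL:<line>               outside any conditional, affects all ports
#   SCOPED:<line>:<condition>   inside a conditional, review the condition
# Commented-out assignments are skipped because the match is anchored.
audit_make_conf() {
    awk '
    # .if / .ifdef / .ifndef open a level; keep the text for the report.
    /^[ \t]*\.[ \t]*if/    { depth++; cond[depth] = $0; next }
    # .elif replaces the condition of the current level.
    /^[ \t]*\.[ \t]*elif/  { if (depth > 0) cond[depth] = $0; next }
    # .else covers everything the condition excluded, so mark it as NOT.
    /^[ \t]*\.[ \t]*else/  { if (depth > 0) cond[depth] = "NOT " cond[depth]; next }
    /^[ \t]*\.[ \t]*endif/ { if (depth > 0) depth--; next }
    /^[ \t]*DISABLE_VULNERABILITIES[ \t]*[?+:!]?=/ {
        if (depth == 0) printf "GLOBAL:%d\n", NR
        else            printf "SCOPED:%d:%s\n", NR, cond[depth]
    }' "$@"
}

# Constructed sample input: one unscoped setting, one limited to lang/php5.
sample_conf() {
    cat <<'EOF'
# constructed make.conf for the example
DISABLE_VULNERABILITIES=yes
.if ${.CURDIR:M*/lang/php5*}
DISABLE_VULNERABILITIES=yes
.endif
EOF
}

# Demonstration on the constructed sample.
sample_conf | audit_make_conf
```

A GLOBAL line means the portaudit check is skipped for every port built on the host; a SCOPED line whose condition starts with NOT deserves the same attention, since it applies to everything the condition did not match.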