Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 07 Oct 2006 03:34:30 +0200
From:      Alain Wolf <wolf@k18.ch>
To:        freebsd-questions@freebsd.org
Subject:   Re: port php5 - what I am supposed to do here?
Message-ID:  <eg7076$nvq$1@sea.gmane.org>
In-Reply-To: <45262141.1080907@dial.pipex.com>
References:  <eg4hu4$40i$1@sea.gmane.org>	<00aa01c6e8fa$fe19ce90$1200a8c0@gsicomp.on.ca> <45262141.1080907@dial.pipex.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06.10.2006 11:26, * Alex Zbyslaw wrote:
> Matt Emmerton wrote:
> 
>>> Hello List,
>>>
>>> Portuadit telles my about the "open_basedir Race Condition
>>> Vulnerability", OK.
>>>
>>> By reading the advisory on
>>> http://www.hardened-php.net/advisory_082006.132.html I can safely say
>>> this does not apply to our environment, we don't use open_basedir or
>>> safe_mode and Suhosin is planned anyway (after test).
>>>   
>>> [...]
>>> So what to do now?
>>>   
>>
>> You've established that the security issue doesn't apply to your
>> environment.
>>
>> 1) Add "DISABLE_VULNERABILITIES=yes" to /etc/make.conf
>> 2) Run "portupgrade -u" or "make install clean"
>>
>>  
>>
> By doing this you have disabled vulnerability checking for *all* ports
> which seems a little extreme.  Either add the flag to pkgtools.conf (for
> portupgrade (and portmanager?)) or use it from the command line with make.
> 
> --Alex

Thanks for the advice, as matter of fact this came to my mind too, so I
actually did in make.conf was:

...
# PHP 5 Port installation options
.if${.CURDIR:M*/lang/php5*}
DISABLE_VULNERABILITIES=yes
.endif
...

Greetings



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFJwQmV5MZZmyxvGgRAsdoAKDdHsfC89K70PjrIYFMT7aUiLH2RgCgktA5
1DP/pLzWaI35xOtzc0RwVd0=
=RqSa
-----END PGP SIGNATURE-----




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?eg7076$nvq$1>