Date: Thu, 8 Aug 2002 13:51:33 -0400 (EDT)
From: Josh Elsasser <jre@vineyard.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/41454: [MAINTAINER-UPDATE] www/cgiwrap: disable debug scripts by default
Message-ID: <20020808175133.E75021477C0@joshe.dyndns.org>
>Number: 41454
>Category: ports
>Synopsis: [MAINTAINER-UPDATE] www/cgiwrap: disable debug scripts by default
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 08 11:00:03 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Josh Elsasser
>Release: FreeBSD 4.6-STABLE i386
>Organization:
>Environment:
System: FreeBSD jade.nat 4.6-STABLE FreeBSD 4.6-STABLE #1: Wed Aug 7 23:07:11 EDT 2002 joshe@jade.nat:/usr/obj/usr/src/sys/JADE i386
>Description:
The debug scripts cgiwrapd and nph-cgiwrapd give away much information about the CGI environment.
>How-To-Repeat:
>Fix:
Installs cgiwrapd/nph-cgiwrapd as a separate binary and removes suid and execute permissions. A note is added to pkg-message explaining how to enable cgiwrapd/nph-cgiwrapd. This fix was suggested by Neil Darlow <neil@darlow.co.uk>.

--- Makefile.orig Mon Aug 5 13:28:44 2002 +++ Makefile Thu Aug 8 13:01:42 2002 @@ -51,7 +51,11 @@ @${MKDIR} ${MAINCGIDIR} post-install: - strip ${MAINCGIDIR}/cgiwrap + ${STRIP_CMD} ${MAINCGIDIR}/cgiwrap + ${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd + ${CP} ${MAINCGIDIR}/cgiwrap ${MAINCGIDIR}/cgiwrapd + ${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd + ${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd .if !defined(NOPORTDOCS) @${MKDIR} ${DOCSDIR} .for file in accesscontrol.html afs.html changes.html comments.html \ --- pkg-message.orig Mon Aug 5 13:28:44 2002 +++ pkg-message Thu Aug 8 13:12:04 2002 
@@ -9,6 +9,10 @@ ${PREFIX}/www/cgi-bin ...the default location for Apache's cgi-bin directory. +The cgiwrapd and nph-cgiwrapd scripts are disabled by default, as they +may give away sensitive information about the CGI environment. To +enable them, you must chmod 4755 ${PREFIX}/www/cgi-bin/cgiwrapd + Access control enabled, you must create either ${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before cgiwrap will function. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
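Review bot: In the Makefile post-install hunk, the single "${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd" also covers nph-cgiwrapd only because "${LN}" is called without -s and the two names therefore share one file, and nothing in the target says so. A short comment above the ${RM}/${CP}/${LN} lines should state that the copy exists to separate the debug binary from the setuid cgiwrap and that the mode change applies to both debug names. The owner of the copy is also left to whatever ${CP} produces, while pkg-message tells the admin to chmod 4755 it later; setting owner and mode explicitly here would make the result of that later chmod predictable.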
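Review bot: The added pkg-message paragraph gives the enabling command only for cgiwrapd and does not say that nph-cgiwrapd becomes enabled at the same time, which follows from the "${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd" line in the Makefile hunk. Say so explicitly, and add the reverse step (chmod 644 on the same path, matching the Makefile default) so that an admin who enables the debug wrappers for troubleshooting has the command to turn them off again. The text also calls them "scripts" although the Fix section describes them as a separate binary; "debug binaries" would be more accurate.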