Date: Fri, 24 Apr 1998 02:00:02 -0700 (PDT) From: Douglas Stevenson Ng <douglas@chapters.org> To: freebsd-ports Subject: Re: ports/4878: Apache w/FrontPage Module Port Update/Security Fix Message-ID: <199804240900.CAA27554@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/4878; it has been noted by GNATS.
From: Douglas Stevenson Ng <douglas@chapters.org>
To: "Scot W. Hetzel" <hetzels@westbend.net>,
<freebsd-gnats-submit@FreeBSD.ORG>
Cc: "FreeBSD-ISP" <FreeBSD-ISP@FreeBSD.ORG>
Subject: Re: ports/4878: Apache w/FrontPage Module Port Update/Security
Fix
Date: Fri, 24 Apr 1998 16:44:09 +0800
Is there a way I can compile the fp port without the DES libraries?
I am outside of the United States and I believe DES is not available
out of the US. I could be wrong.
Any advice is appreciated.
Thanks in advance,
Douglas Ng
webmaster
At 05:28 PM 4/23/98 -0500, Scot W. Hetzel wrote:
>Please remove the following apache-fp ports files from the
>/pub/FreeBSD/development/ports directory as they are obsolete:
>
>apache-fp.port.tgz
>apache-fp_125.diff
>
>The latest Apache-Fp port is v126.B and is currently located on
>ftp://ftp.freebsd.org/pub/FreeBSD/incoming
>
>4878.apache-fp.126.b.tgz
>4878.apache-fp.126_126.b.diff
>
>This version of the apache-fp port corrects the following problems:
>
>1. More checks for correct DES installations.
>2. Security Fix for SUEXEC to allow fpexe to by pass it.
>
>When suexec+ was included starting with the v125.E port, suexec would run
>all user cgi programs as root. Which would cause a major security
>violation. Suexec+ was checking prog ( agrv[0] )= /usr/local/sbin/suexec
>against FRONTPAGE_EXE =
>/usr/local/frontpage/version3.0/apache-fp/_vti_bin/fpexe, which always
>resulted in a value >0 and would then execute any cgi program as root.
>
>This problem is now corrected. In stead of using prog, suexec now uses cmd
>( argv[3]), and checks if cmd = fpexe. If it does it will then execute
>fpexe and no other commands.
>
>Q. Should I change the uid to HTTPD_USER before I run fpexe? Currently,
>fpexe is executed with uid=root and gid=www, when executed from suexec. The
>fpexe executable is suid, also.
>
>To compile apache-fp with suexec support:
>
>make [build|install] -DSUEXEC [HTTPD_USER=<UID Server Runs as>]
>
>NOTE: The default user suexec runs as is "www". So please check your
>httpd.conf file to determine the user your server is running as.
>
>If there are no objections to the port, could somebody please submit it to
>the Ports Collection?
>
>Thanks,
>
>Scot W. Hetzel
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804240900.CAA27554>