Date:      Fri, 24 Apr 1998 07:40:02 -0700 (PDT)
From:      Ruslan Shevchenko <Ruslan@Shevchenko.Kiev.UA>
To:        freebsd-ports
Subject:   Re: ports/4878: Apache w/FrontPage Module Port Update/Security Fix
Message-ID:  <199804241440.HAA10965@hub.freebsd.org>

The following reply was made to PR ports/4878; it has been noted by GNATS.

From: Ruslan Shevchenko <Ruslan@Shevchenko.Kiev.UA>
To: Douglas Stevenson Ng <douglas@chapters.org>
Cc: "Scot W. Hetzel" <hetzels@westbend.net>, freebsd-gnats-submit@FreeBSD.ORG,
        FreeBSD-ISP <FreeBSD-ISP@FreeBSD.ORG>
Subject: Re: ports/4878: Apache w/FrontPage Module Port Update/Security
	  Fix
Date: Fri, 24 Apr 1998 17:34:21 +0300

 Douglas Stevenson Ng wrote:
 
 > Is there a way I can compile the fp port without the DES libraries?
 > I am outside of the United States and I believe DES is not available
 > out of the US.  I could be wrong.
 >
 > Any advice is appreciated.
 >
 
 ftp.internat.freebsd.org  (situated in Europe and has the DES distribution)
 
 > Thanks in advance,
 > Douglas Ng
 > webmaster
 >
 > At 05:28 PM 4/23/98 -0500, Scot W. Hetzel wrote:
 > > Please remove the following apache-fp ports files from the
 > > /pub/FreeBSD/development/ports directory as they are obsolete:
 > >
 > > apache-fp.port.tgz
 > > apache-fp_125.diff
 > >
 > > The latest Apache-Fp port is v126.B and is currently located on
 > > ftp://ftp.freebsd.org/pub/FreeBSD/incoming
 > >
 > > 4878.apache-fp.126.b.tgz
 > > 4878.apache-fp.126_126.b.diff
 > >
 > > This version of the apache-fp port corrects the following problems:
 > >
 > > 1. More checks for correct DES installations.
 > > 2. Security Fix for SUEXEC to allow fpexe to bypass it.
 > >
 > > When suexec+ was included starting with the v125.E port, suexec would run
 > > all user cgi programs as root.  Which would cause a major security
 > > violation.  Suexec+ was checking prog ( argv[0] )= /usr/local/sbin/suexec
 > > against FRONTPAGE_EXE =
 > > /usr/local/frontpage/version3.0/apache-fp/_vti_bin/fpexe, which always
 > > resulted in a value ?0 and would then execute any cgi program as root.
 > >
 > > This problem is now corrected.  Instead of using prog, suexec now uses cmd
 > > ( argv[3]), and checks if cmd = fpexe.  If it does it will then execute
 > > fpexe and no other commands.
 > >
 > > Q.  Should I change the uid to HTTPD_USER before I run fpexe?  Currently,
 > > fpexe is executed with uid=root and gid=www, when executed from suexec.  The
 > > fpexe executable is suid, also.
 > >
 > > To compile apache-fp with suexec support:
 > >
 > > make [build|install] -DSUEXEC [HTTPD_USER=?UID Server Runs as?]
 > >
 > > NOTE: The default user suexec runs as is "www".  So please check your
 > > httpd.conf file to determine the user your server is running as.
 > >
 > > If there are no objections to the port, could somebody please submit it to
 > > the Ports Collection?
 > >
 > > Thanks,
 > >
 > > Scot W. Hetzel
 > >
 > >
 > >
 > > To Unsubscribe: send mail to majordomo@FreeBSD.org
 > > with "unsubscribe freebsd-isp" in the body of the message
 > >
 >
 
 
 
 --
 
     @=
      //RSSH                              mailto:Ruslan@Shevchenko.Kiev.UA
 
 
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
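
The prog (argv[0]) versus cmd (argv[3]) check described in the quoted announcement, as an added example that is not part of the original message or the apache-fp port's own code. The function and enum names, the sample uid/gid/cgi values, the reading that the old code took strcmp()'s nonzero result as a match, and the comparison of cmd against the full FRONTPAGE_EXE path are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Paths as quoted in the message. */
#define SUEXEC_BIN    "/usr/local/sbin/suexec"
#define FRONTPAGE_EXE "/usr/local/frontpage/version3.0/apache-fp/_vti_bin/fpexe"

/* Hypothetical names for the two outcomes of the wrapper's check. */
enum action { DROP_TO_TARGET_USER = 0, KEEP_PRIVILEGES = 1 };

/* Flawed check as described: prog (argv[0]) is always the wrapper's own
 * path, so strcmp() against FRONTPAGE_EXE is always nonzero. Assumption:
 * the nonzero ("strings differ") result was taken as the match. */
enum action decide_flawed(int argc, char *const argv[])
{
    const char *prog = (argc > 0 && argv[0]) ? argv[0] : "";
    return strcmp(prog, FRONTPAGE_EXE) ? KEEP_PRIVILEGES : DROP_TO_TARGET_USER;
}

/* Corrected check: look at cmd (argv[3]) and require exact equality.
 * Assumption: cmd is compared against the full FRONTPAGE_EXE path. */
enum action decide_fixed(int argc, char *const argv[])
{
    if (argc < 4 || argv[3] == NULL)
        return DROP_TO_TARGET_USER;          /* malformed call: fail closed */
    return strcmp(argv[3], FRONTPAGE_EXE) == 0 ? KEEP_PRIVILEGES
                                               : DROP_TO_TARGET_USER;
}

int main(void)
{
    /* Constructed invocations: wrapper, uid, gid, cmd. */
    char *user_cgi[] = { SUEXEC_BIN, "1001", "1001", "guestbook.cgi", NULL };
    char *fpexe[]    = { SUEXEC_BIN, "1001", "1001", FRONTPAGE_EXE, NULL };

    printf("user cgi: flawed=%d fixed=%d\n",
           decide_flawed(4, user_cgi), decide_fixed(4, user_cgi));
    printf("fpexe:    flawed=%d fixed=%d\n",
           decide_flawed(4, fpexe), decide_fixed(4, fpexe));
    return 0;
}
```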


