From: Alex Zbyslaw
Date: Fri, 06 Oct 2006 10:26:25 +0100
To: Matt Emmerton, Alain Wolf
Cc: freebsd-questions@freebsd.org
Subject: Re: port php5 - what I am supposed to do here?

Matt Emmerton wrote:

>>Hello List,
>>
>>Portaudit tells me about the "open_basedir Race Condition
>>Vulnerability", OK.
>>
>>By reading the advisory on
>>http://www.hardened-php.net/advisory_082006.132.html I can safely say
>>this does not apply to our environment, we don't use open_basedir or
>>safe_mode and Suhosin is planned anyway (after test).
>>
>>[...]
>>So what to do now?
>
>You've established that the security issue doesn't apply to your
>environment.
>
>1) Add "DISABLE_VULNERABILITIES=yes" to /etc/make.conf
>2) Run "portupgrade -u" or "make install clean"

By doing this you have disabled vulnerability checking for *all* ports,
which seems a little extreme. Either add the flag to pkgtools.conf (for
portupgrade (and portmanager?)) or use it from the command line with make.

--Alex
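
The concern raised in the reply above, as an added example that is not part of the original thread: a check that tells a make.conf which turns the flag on for every port apart from one where it only appears inside a conditional. The function name `audit_makeconf`, the sample file and the `.CURDIR` conditional used as the scoped case are assumptions made for illustration.

```shell
#!/bin/sh
# audit_makeconf FILE  (hypothetical helper, not part of the ports tree)
# Prints one word:
#   global - DISABLE_VULNERABILITIES is assigned outside any .if block,
#            so the vulnerability check is skipped for every port
#   scoped - it is assigned only inside .if/.endif conditionals
#   unset  - no assignment found
# Any assignment is reported, whatever value it carries.
audit_makeconf() {
    awk '
        { sub(/#.*/, "") }                          # ignore comments
        /^[ \t]*\.[ \t]*if/    { depth++; next }    # .if, .ifdef, .ifndef
        /^[ \t]*\.[ \t]*endif/ { if (depth > 0) depth--; next }
        /^[ \t]*DISABLE_VULNERABILITIES[ \t]*[?+:!]?=/ {
            if (depth == 0) global = 1; else scoped = 1
        }
        END {
            if (global)      print "global"
            else if (scoped) print "scoped"
            else             print "unset"
        }
    ' "$1"
}

# Constructed sample: one scoped assignment and one global assignment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed make.conf for illustration
CPUTYPE?=i686
.if ${.CURDIR:M*/lang/php5}
DISABLE_VULNERABILITIES=yes
.endif
DISABLE_VULNERABILITIES=yes
EOF
audit_makeconf "$sample"    # the unconditional line wins: global
rm -f "$sample"
```

Run against /etc/make.conf, a result of `global` means the flag should be removed from that file and given per build instead, as the reply suggests.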