Date: Fri, 12 Mar 1999 18:55:15 +0100 (CET)
From: Arjan de Vet <Arjan.deVet@adv.iae.nl>
To: cvs-all@freebsd.org
Subject: Re: BSD/OS compatibility (was: cvs commit: src/sys/i386/conf ..
Message-ID: <199903121755.SAA00355@adv.iae.nl>
In-Reply-To: <19990312155153.A39673@nagual.pp.ru>
References: <19990312152048.A37814@nagual.pp.ru>

> Micro$oft's attempt at FrontPage 98 server-side extensions for Apache
>
> Summary
>
> Description: The setuid root program (fpexe) which comes with the
> FrontPage extensions is a pathetic joke security-wise, as Marc Slemko
> demonstrates.

At the company I work for I changed the fpexe program and apache FP
extensions such that fpexe does not need to be setuid anymore. Of course
all files are then owned by the userid the webserver is running with
(limiting FP functionality I think, never used it myself) and it may still
be possible to change files via FP in an unauthorized way. But at least the
setuid-root bit on fpexe has gone :-).

And because we're using a chrooted Apache too, any setuid-root bit is one
bit too much.

Arjan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message