Date:      Wed, 16 Jul 2008 20:51:30 +0200
From:      Mel <fbsd.questions@rachie.is-a-geek.net>
To:        freebsd-questions@freebsd.org
Cc:        tethys ocean <tethys.ocean@gmail.com>
Subject:   Re: vulnerabilities and installation options
Message-ID:  <200807162051.31052.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <235b80000807161058l22a97386o7e0339df034f62f4@mail.gmail.com>
References:  <235b80000807161058l22a97386o7e0339df034f62f4@mail.gmail.com>

On Wednesday 16 July 2008 19:58:22 tethys ocean wrote:

>   Verifying install for /usr/local/lib/php/20060613/posix.so in
> /usr/ports/sysutils/php5-posix
> ===>  php5-posix-5.2.6 has known vulnerabilities:
> => php -- input validation error in posix_access function.
>    Reference: <http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849.html

Yeah, this is a pretty bogus 'vulnerability', since no sane person uses 
safe_mode.
For the time being, I've added the following to /etc/make.conf, but I'm 
looking to see if I can come up with a patch for the ports system that allows 
you to specify vuln IDs you want to ignore.

.if !empty(.CURDIR:M*sysutils/php5-posix*)
DISABLE_VULNERABILITIES=yes
.endif

-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.
