From owner-freebsd-isp Wed Apr 29 16:49:24 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA08105 for freebsd-isp-outgoing; Wed, 29 Apr 1998 16:49:24 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from sky.new.co.za (root@sky.new.co.za [196.25.18.130]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA07979 for ; Wed, 29 Apr 1998 16:48:40 -0700 (PDT) (envelope-from natedogg@natedogg.ml.org) From: natedogg@natedogg.ml.org Received: from natedogg (slip48.new.co.za [196.25.18.111]) by sky.new.co.za (8.8.5/8.8.5) with SMTP id CAA04478; Thu, 30 Apr 1998 02:04:24 -0200 Message-Id: <199804300404.CAA04478@sky.new.co.za> Comments: Authenticated sender is To: Douglas Stevenson Ng Date: Thu, 30 Apr 1998 01:46:44 +0000 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: ports/4878: Apache w/FrontPage Module Port Update/Security CC: In-reply-to: <199804240849.QAA00746@robin.careergateway.com> References: <02b601bd6f07$2d5d8600$c3e0d9cf@admin.westbend.net> X-mailer: Pegasus Mail for Win32 (v2.54) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 24 Apr 98 at 16:44, Douglas Stevenson Ng wrote about Re: ports/4878: Apache w/FrontPage : [User - Douglas Stevenson Ng ] > Date: Fri, 24 Apr 1998 16:44:09 +0800 > To: "Scot W. Hetzel" , > > From: Douglas Stevenson Ng > Subject: Re: ports/4878: Apache w/FrontPage Module Port Update/Security > Fix > Cc: "FreeBSD-ISP" > Is there a way I can compile the fp port without the DES libraries? > I am outside of the United States and I believe DES is not available > out of the US. I could be wrong. > You can download it from ftp.internat.freebsd.org which is a server located in the Republic of South Africa. This version of DES and Kerebos was developed outside of the USA. Regards Jacques > Any advice is appreciated. > > Thanks in advance, > Douglas Ng > webmaster > > At 05:28 PM 4/23/98 -0500, Scot W. Hetzel wrote: > >Please remove the following apache-fp ports files from the > >/pub/FreeBSD/development/ports directory as they are obsolete: > > > >apache-fp.port.tgz > >apache-fp_125.diff > > > >The latest Apache-Fp port is v126.B and is currently located on > >ftp://ftp.freebsd.org/pub/FreeBSD/incoming > > > >4878.apache-fp.126.b.tgz > >4878.apache-fp.126_126.b.diff > > > >This version of the apache-fp port corrects the following problems: > > > >1. More checks for correct DES installations. > >2. Security Fix for SUEXEC to allow fpexe to by pass it. > > > >When suexec+ was included starting with the v125.E port, suexec would run > >all user cgi programs as root. Which would cause a major security > >violation. Suexec+ was checking prog ( agrv[0] )= /usr/local/sbin/suexec > >against FRONTPAGE_EXE = > >/usr/local/frontpage/version3.0/apache-fp/_vti_bin/fpexe, which always > >resulted in a value >0 and would then execute any cgi program as root. > > > >This problem is now corrected. In stead of using prog, suexec now uses cmd > >( argv[3]), and checks if cmd = fpexe. If it does it will then execute > >fpexe and no other commands. > > > >Q. Should I change the uid to HTTPD_USER before I run fpexe? Currently, > >fpexe is executed with uid=root and gid=www, when executed from suexec. The > >fpexe executable is suid, also. > > > >To compile apache-fp with suexec support: > > > >make [build|install] -DSUEXEC [HTTPD_USER=] > > > >NOTE: The default user suexec runs as is "www". So please check your > >httpd.conf file to determine the user your server is running as. > > > >If there are no objections to the port, could somebody please submit it to > >the Ports Collection? > > > >Thanks, > > > >Scot W. Hetzel > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-isp" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > -- NateDogg - natedogg@natedogg.ml.org Founder of the NateNet IRC Network try out irc.jacques.ml.org ;-) *efg* Admin of oberon.nate-net.ml.org - NateDogg's IRC Server Admin of rhyno.nate-net.ml.org - NateDogg's CTN-HUB Server NateDogg is a IRC Operators - Server Administator - Services Administator To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message