From owner-freebsd-isp Fri Apr 24 01:50:28 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA25213 for freebsd-isp-outgoing; Fri, 24 Apr 1998 01:50:28 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from robin.careergateway.com (root@[203.127.84.110]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA25184; Fri, 24 Apr 1998 01:50:20 -0700 (PDT) (envelope-from douglas@chapters.org)
Received: from jay (doug.ng@warraoz.com [203.127.84.101]) by robin.careergateway.com (8.8.8/8.8.8) with SMTP id QAA00746; Fri, 24 Apr 1998 16:49:52 +0800 (SGT)
Message-Id: <199804240849.QAA00746@robin.careergateway.com>
X-Sender: douglas@pop.chapters.org
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
Date: Fri, 24 Apr 1998 16:44:09 +0800
To: "Scot W. Hetzel" ,
From: Douglas Stevenson Ng
Subject: Re: ports/4878: Apache w/FrontPage Module Port Update/Security Fix
Cc: "FreeBSD-ISP"
In-Reply-To: <02b601bd6f07$2d5d8600$c3e0d9cf@admin.westbend.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Is there a way I can compile the fp port without the DES libraries? I am
outside of the United States and I believe DES is not available out of the
US. I could be wrong. Any advice is appreciated.

Thanks in advance,

Douglas Ng
webmaster

At 05:28 PM 4/23/98 -0500, Scot W. Hetzel wrote:
>Please remove the following apache-fp ports files from the
>/pub/FreeBSD/development/ports directory as they are obsolete:
>
>apache-fp.port.tgz
>apache-fp_125.diff
>
>The latest Apache-Fp port is v126.B and is currently located on
>ftp://ftp.freebsd.org/pub/FreeBSD/incoming
>
>4878.apache-fp.126.b.tgz
>4878.apache-fp.126_126.b.diff
>
>This version of the apache-fp port corrects the following problems:
>
>1. More checks for correct DES installations.
>2. Security Fix for SUEXEC to allow fpexe to bypass it.
>
>When suexec+ was included starting with the v125.E port, suexec would run
>all user cgi programs as root. Which would cause a major security
>violation. Suexec+ was checking prog (argv[0]) = /usr/local/sbin/suexec
>against FRONTPAGE_EXE =
>/usr/local/frontpage/version3.0/apache-fp/_vti_bin/fpexe, which always
>resulted in a value >0 and would then execute any cgi program as root.
>
>This problem is now corrected. Instead of using prog, suexec now uses cmd
>(argv[3]), and checks if cmd = fpexe. If it does it will then execute
>fpexe and no other commands.
>
>Q. Should I change the uid to HTTPD_USER before I run fpexe? Currently,
>fpexe is executed with uid=root and gid=www, when executed from suexec. The
>fpexe executable is suid, also.
>
>To compile apache-fp with suexec support:
>
>make [build|install] -DSUEXEC [HTTPD_USER=]
>
>NOTE: The default user suexec runs as is "www". So please check your
>httpd.conf file to determine the user your server is running as.
>
>If there are no objections to the port, could somebody please submit it to
>the Ports Collection?
>
>Thanks,
>
>Scot W. Hetzel
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-isp" in the body of the message
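
The check described in the quoted message, sketched as an added example that is not the port's code. The shape of the flawed comparison is an assumption reconstructed from the description; `decide_flawed`, `decide_fixed`, `run_case`, the `FPEXE_CMD` literal and the sample user, group and CGI names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Path quoted in the message. */
#define FRONTPAGE_EXE "/usr/local/frontpage/version3.0/apache-fp/_vti_bin/fpexe"
/* Assumption: the literal the corrected check compares cmd against. */
#define FPEXE_CMD "fpexe"

enum action { NORMAL_SUEXEC_PATH, PRIVILEGED_PATH };
typedef enum action (*decide_fn)(int, const char **);

/* Assumed shape of the flawed check: it inspects argv[0] (suexec's own
 * path, never the requested program) and treats a non-zero strcmp()
 * result as a match, although non-zero means the strings DIFFER. */
enum action decide_flawed(int argc, const char **argv)
{
    const char *prog = argc > 0 ? argv[0] : "";
    if (strcmp(prog, FRONTPAGE_EXE))
        return PRIVILEGED_PATH;
    return NORMAL_SUEXEC_PATH;
}

/* The fix as the message describes it: inspect cmd (argv[3]) and take
 * the privileged path only on an exact match. */
enum action decide_fixed(int argc, const char **argv)
{
    if (argc > 3 && strcmp(argv[3], FPEXE_CMD) == 0)
        return PRIVILEGED_PATH;
    return NORMAL_SUEXEC_PATH;
}

/* Constructed argument vector in suexec's order: suexec uid gid cmd */
enum action run_case(decide_fn decide, const char *cmd)
{
    const char *argv[] = { "/usr/local/sbin/suexec", "alice", "users", cmd };
    return decide(4, argv);
}

int main(void)
{
    const char *cmds[] = { "guestbook.cgi", "fpexe" };
    for (int i = 0; i < 2; i++)
        printf("%-14s flawed=%d fixed=%d\n", cmds[i],
               run_case(decide_flawed, cmds[i]),
               run_case(decide_fixed, cmds[i]));
    return 0;
}
```

In the flawed variant the result never depends on the requested command, because `argv[0]` is always suexec's own path and `'s'` sorts after `'f'` at the first differing byte.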