From owner-freebsd-isp Fri Apr 24 07:38:51 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA10418 for freebsd-isp-outgoing; Fri, 24 Apr 1998 07:38:51 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from cam.grad.kiev.ua (grad-UTC-28k8.ukrtel.net [195.5.25.54]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA10313; Fri, 24 Apr 1998 07:38:35 -0700 (PDT) (envelope-from Ruslan@Shevchenko.Kiev.UA)
Received: from Shevchenko.Kiev.UA (localhost [127.0.0.1]) by cam.grad.kiev.ua (8.8.8/8.8.5) with ESMTP id RAA22764; Fri, 24 Apr 1998 17:34:50 +0300 (EEST)
Message-ID: <3540A2E3.D1737C19@Shevchenko.Kiev.UA>
Date: Fri, 24 Apr 1998 17:34:21 +0300
From: Ruslan Shevchenko
Reply-To: rssh@grad.kiev.ua
Organization: GlavAPU
X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 2.2.5-STABLE i386)
MIME-Version: 1.0
To: Douglas Stevenson Ng
CC: "Scot W. Hetzel" , freebsd-gnats-submit@FreeBSD.ORG, FreeBSD-ISP
Subject: Re: ports/4878: Apache w/FrontPage Module Port Update/Security Fix
References: <199804240849.QAA00746@robin.careergateway.com>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Douglas Stevenson Ng wrote:

> Is there a way I can compile the fp port without the DES libraries?
> I am outside of the United States and I believe DES is not available
> out of the US. I could be wrong.
>
> Any advice is appreciated.
>

ftp.internat.freebsd.org (situated in Europe and has the DES distribution)

> Thanks in advance,
> Douglas Ng
> webmaster
>
> At 05:28 PM 4/23/98 -0500, Scot W. Hetzel wrote:
> >Please remove the following apache-fp ports files from the
> >/pub/FreeBSD/development/ports directory as they are obsolete:
> >
> >apache-fp.port.tgz
> >apache-fp_125.diff
> >
> >The latest Apache-Fp port is v126.B and is currently located on
> >ftp://ftp.freebsd.org/pub/FreeBSD/incoming
> >
> >4878.apache-fp.126.b.tgz
> >4878.apache-fp.126_126.b.diff
> >
> >This version of the apache-fp port corrects the following problems:
> >
> >1. More checks for correct DES installations.
> >2. Security Fix for SUEXEC to allow fpexe to bypass it.
> >
> >When suexec+ was included starting with the v125.E port, suexec would run
> >all user cgi programs as root. Which would cause a major security
> >violation. Suexec+ was checking prog ( argv[0] ) = /usr/local/sbin/suexec
> >against FRONTPAGE_EXE =
> >/usr/local/frontpage/version3.0/apache-fp/_vti_bin/fpexe, which always
> >resulted in a value ?0 and would then execute any cgi program as root.
> >
> >This problem is now corrected. Instead of using prog, suexec now uses cmd
> >( argv[3] ), and checks if cmd = fpexe. If it does, it will then execute
> >fpexe and no other commands.
> >
> >Q. Should I change the uid to HTTPD_USER before I run fpexe? Currently,
> >fpexe is executed with uid=root and gid=www, when executed from suexec. The
> >fpexe executable is suid, also.
> >
> >To compile apache-fp with suexec support:
> >
> >make [build|install] -DSUEXEC [HTTPD_USER=<UID Server Runs as>]
> >
> >NOTE: The default user suexec runs as is "www". So please check your
> >httpd.conf file to determine the user your server is running as.
> >
> >If there are no objections to the port, could somebody please submit it to
> >the Ports Collection?
> >
> >Thanks,
> >
> >Scot W. Hetzel
> >
> >To Unsubscribe: send mail to majordomo@FreeBSD.org
> >with "unsubscribe freebsd-isp" in the body of the message

--
@=
//RSSH
mailto:Ruslan@Shevchenko.Kiev.UA
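
The check described in the quoted announcement, as an added example that is not part of the original message and is not the port's code. It models the flaw as strcmp()'s nonzero "strings differ" result being read as a truth value (an assumption, since the message does not show the source); FPEXE_CMD, the decision enum, the function names and the argument vectors are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Path quoted in the message. */
#define FRONTPAGE_EXE "/usr/local/frontpage/version3.0/apache-fp/_vti_bin/fpexe"
/* Assumed literal: the message only says the fix checks "cmd = fpexe". */
#define FPEXE_CMD "fpexe"

enum decision { DROP_TO_TARGET_USER = 0, KEEP_PRIVILEGES = 1 };

/* Constructed argument vectors in the form: suexec <uid> <gid> <cmd>. */
static char *CGI_ARGV[] = {"/usr/local/sbin/suexec", "1001", "1001", "test.cgi", NULL};
static char *FP_ARGV[]  = {"/usr/local/sbin/suexec", "1001", "1001", "fpexe", NULL};

/* Flawed model: compares argv[0] and reads strcmp's nonzero "differs" as true. */
static enum decision decide_flawed(int argc, char *argv[]) {
    const char *prog = argc > 0 ? argv[0] : "";
    if (strcmp(prog, FRONTPAGE_EXE))
        return KEEP_PRIVILEGES;      /* reached for every request */
    return DROP_TO_TARGET_USER;
}

/* Corrected model: exact match on the requested command, argv[3]. */
static enum decision decide_fixed(int argc, char *argv[]) {
    if (argc < 4 || argv[3] == NULL)
        return DROP_TO_TARGET_USER;  /* malformed call: never keep privileges */
    if (strcmp(argv[3], FPEXE_CMD) == 0)
        return KEEP_PRIVILEGES;
    return DROP_TO_TARGET_USER;
}

int main(void) {
    printf("flawed, test.cgi: %d\n", decide_flawed(4, CGI_ARGV));
    printf("fixed,  test.cgi: %d\n", decide_fixed(4, CGI_ARGV));
    printf("fixed,  fpexe:    %d\n", decide_fixed(4, FP_ARGV));
    return 0;
}
```

The property worth testing in any privilege-exemption check of this kind is that the default outcome is the unprivileged one, and that only an exact match on the intended field grants the exception.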