From owner-freebsd-questions@FreeBSD.ORG Sat Oct 7 01:34:54 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E420116A407 for ; Sat, 7 Oct 2006 01:34:54 +0000 (UTC) (envelope-from freebsd-questions@m.gmane.org) Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3CCCD43D45 for ; Sat, 7 Oct 2006 01:34:53 +0000 (GMT) (envelope-from freebsd-questions@m.gmane.org) Received: from list by ciao.gmane.org with local (Exim 4.43) id 1GW15Q-0007dI-JL for freebsd-questions@freebsd.org; Sat, 07 Oct 2006 03:34:44 +0200 Received: from 62-2-105-50.static.cablecom.ch ([62.2.105.50]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 07 Oct 2006 03:34:44 +0200 Received: from wolf by 62-2-105-50.static.cablecom.ch with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sat, 07 Oct 2006 03:34:44 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Alain Wolf Date: Sat, 07 Oct 2006 03:34:30 +0200 Lines: 56 Message-ID: References: <00aa01c6e8fa$fe19ce90$1200a8c0@gsicomp.on.ca> <45262141.1080907@dial.pipex.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: 62-2-105-50.static.cablecom.ch User-Agent: Thunderbird 1.5.0.7 (Windows/20060909) In-Reply-To: <45262141.1080907@dial.pipex.com> X-Enigmail-Version: 0.94.0.0 OpenPGP: id=6CB1BC68; url=http://subkeys.pgp.net:11371/pks/lookup?op=get&search=0x579319666CB1BC68 Sender: news Subject: Re: port php5 - what I am supposed to do here? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Oct 2006 01:34:55 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06.10.2006 11:26, * Alex Zbyslaw wrote: > Matt Emmerton wrote: > >>> Hello List, >>> >>> Portuadit telles my about the "open_basedir Race Condition >>> Vulnerability", OK. >>> >>> By reading the advisory on >>> http://www.hardened-php.net/advisory_082006.132.html I can safely say >>> this does not apply to our environment, we don't use open_basedir or >>> safe_mode and Suhosin is planned anyway (after test). >>> >>> [...] >>> So what to do now? >>> >> >> You've established that the security issue doesn't apply to your >> environment. >> >> 1) Add "DISABLE_VULNERABILITIES=yes" to /etc/make.conf >> 2) Run "portupgrade -u" or "make install clean" >> >> >> > By doing this you have disabled vulnerability checking for *all* ports > which seems a little extreme. Either add the flag to pkgtools.conf (for > portupgrade (and portmanager?)) or use it from the command line with make. > > --Alex Thanks for the advice, as matter of fact this came to my mind too, so I actually did in make.conf was: ... # PHP 5 Port installation options .if${.CURDIR:M*/lang/php5*} DISABLE_VULNERABILITIES=yes .endif ... Greetings -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFJwQmV5MZZmyxvGgRAsdoAKDdHsfC89K70PjrIYFMT7aUiLH2RgCgktA5 1DP/pLzWaI35xOtzc0RwVd0= =RqSa -----END PGP SIGNATURE-----