Date:      Thu,  8 Aug 2002 13:51:33 -0400 (EDT)
From:      Josh Elsasser <jre@vineyard.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/41454: [MAINTAINER-UPDATE] www/cgiwrap: disable debug scripts by default
Message-ID:  <20020808175133.E75021477C0@joshe.dyndns.org>


>Number:         41454
>Category:       ports
>Synopsis:       [MAINTAINER-UPDATE] www/cgiwrap: disable debug scripts by default
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 08 11:00:03 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Josh Elsasser
>Release:        FreeBSD 4.6-STABLE i386
>Organization:
>Environment:
System: FreeBSD jade.nat 4.6-STABLE FreeBSD 4.6-STABLE #1: Wed Aug 7 23:07:11 EDT 2002 joshe@jade.nat:/usr/obj/usr/src/sys/JADE i386

>Description:
The debug scripts cgiwrapd and nph-cgiwrapd give away much information
about the CGI environment.

>How-To-Repeat:
	
>Fix:

Installs cgiwrapd/nph-cgiwrapd as a separate binary and removes suid
and execute permissions.  A note is added to pkg-message explaining
how to enable cgiwrapd/nph-cgiwrapd.

This fix was suggested by Neil Darlow <neil@darlow.co.uk>.

--- Makefile.orig	Mon Aug  5 13:28:44 2002
+++ Makefile	Thu Aug  8 13:01:42 2002
@@ -51,7 +51,11 @@
 	@${MKDIR} ${MAINCGIDIR}
 
 post-install:
-	strip ${MAINCGIDIR}/cgiwrap
+	${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
+	${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+	${CP} ${MAINCGIDIR}/cgiwrap ${MAINCGIDIR}/cgiwrapd
+	${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+	${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
 .for file in accesscontrol.html afs.html changes.html comments.html \
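Review bot: In post-install, `${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd` is called without `-f`, so if `${RM}` expands to a bare rm the target aborts whenever either file is missing; `${RM} -f` would make the step safe to rerun. The added lines also carry no comment saying that cgiwrapd is copied so it can carry its own mode, separate from cgiwrap, and that the single `${CHMOD} 644` also covers nph-cgiwrapd because `${LN}` is used without `-s`; a one-line comment above the `${RM}` line would record that.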


--- pkg-message.orig	Mon Aug  5 13:28:44 2002
+++ pkg-message	Thu Aug  8 13:12:04 2002
@@ -9,6 +9,10 @@
     ${PREFIX}/www/cgi-bin
 ...the default location for Apache's cgi-bin directory.
 
+The cgiwrapd and nph-cgiwrapd scripts are disabled by default, as they
+may give away sensitive information about the CGI environment.  To
+enable them, you must chmod 4755 ${PREFIX}/www/cgi-bin/cgiwrapd
+
 Access control enabled, you must create either
 ${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before
 cgiwrap will function.
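Review bot: The added paragraph names only cgiwrapd in the `chmod 4755` instruction, while its first sentence says both cgiwrapd and nph-cgiwrapd are disabled; it should state whether the one chmod enables both names or give the command for each. The wording "you must chmod 4755" also reads as a required step; "you can" fits an optional debugging aid better, and a matching line on how to disable them again (chmod 644, the mode the Makefile sets) would complete the note.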
>Release-Note:
>Audit-Trail:
>Unformatted:
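
A check an administrator could run after installing the port to confirm the state the fix describes (no setuid and no execute bits on the debug wrappers), as an added example that is not part of the PR or the port. The file names and the 644 / 4755 modes come from the PR; the function names and status words are made up for this example.

```shell
#!/bin/sh
# Added example: audit the cgiwrap debug wrappers in a cgi-bin directory.
# debug_wrapper_state and check_cgiwrap_debug are hypothetical helper names.

# Print one status word for a single file:
#   absent   - no such file
#   disabled - no setuid bit and no execute bit (mode 644, as the port installs)
#   enabled  - setuid and executable (after the chmod 4755 from pkg-message)
#   partial  - anything else, e.g. executable but not setuid
debug_wrapper_state() {
    f=$1
    [ -e "$f" ] || { echo absent; return 0; }
    # find prints the path only when the permission test matches.
    suid=$(find "$f" -prune -perm -4000)
    exec_any=$(find "$f" -prune \( -perm -100 -o -perm -010 -o -perm -001 \))
    if [ -z "$suid" ] && [ -z "$exec_any" ]; then
        echo disabled
    elif [ -n "$suid" ] && [ -n "$exec_any" ]; then
        echo enabled
    else
        echo partial
    fi
}

# Report both debug names; return 0 only if neither one is runnable.
# Usage: check_cgiwrap_debug "${PREFIX}/www/cgi-bin"
check_cgiwrap_debug() {
    dir=$1
    rc=0
    for name in cgiwrapd nph-cgiwrapd; do
        state=$(debug_wrapper_state "$dir/$name")
        echo "$name: $state"
        case $state in
            absent|disabled) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}
```

Because nph-cgiwrapd is a link to cgiwrapd, a mode change on one name shows up under both in the report.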
