From owner-freebsd-questions@FreeBSD.ORG Fri Nov 9 16:12:53 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 513BB16A41A for ; Fri, 9 Nov 2007 16:12:53 +0000 (UTC) (envelope-from freebsd-questions@slightlystrange.org) Received: from catflap.slightlystrange.org (cpc5-cmbg1-0-0-cust497.cmbg.cable.ntl.com [86.6.1.242]) by mx1.freebsd.org (Postfix) with ESMTP id E443D13C4B0 for ; Fri, 9 Nov 2007 16:12:52 +0000 (UTC) (envelope-from freebsd-questions@slightlystrange.org) Received: by catflap.slightlystrange.org (Postfix, from userid 106) id C4F876195; Fri, 9 Nov 2007 16:12:45 +0000 (GMT) Received: from torus.slightlystrange.org (torus.slightlystrange.org [10.1.3.50]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by catflap.slightlystrange.org (Postfix) with ESMTP id 37D9E614E for ; Fri, 9 Nov 2007 16:12:45 +0000 (GMT) Received: (from danielby@localhost) by torus.slightlystrange.org (8.14.1/8.13.4/Submit) id lA9GChTJ024488 for freebsd-questions@freebsd.org; Fri, 9 Nov 2007 16:12:43 GMT (envelope-from freebsd-questions@slightlystrange.org) Date: Fri, 9 Nov 2007 16:12:43 +0000 From: Daniel Bye To: FreeBSD Questions Message-ID: <20071109161243.GA22326@torus.slightlystrange.org> Mail-Followup-To: FreeBSD Questions References: <47347202.8060103@gmail.com> <47347A3C.1030702@crackmonkey.us> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="WIyZ46R2i8wDzkSu" Content-Disposition: inline In-Reply-To: <47347A3C.1030702@crackmonkey.us> User-Agent: Mutt/1.4.2.3i X-PGP-Fingerprint: D349 B109 0EB8 2554 4D75 B79A 8B17 F97C 1622 166A Subject: Re: strange error when building cups X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Daniel Bye List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Nov 2007 16:12:53 -0000 --WIyZ46R2i8wDzkSu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Nov 09, 2007 at 03:18:20PM +0000, Adam J Richardson wrote: > Aryeh M. Friedman wrote: > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >Can some tell me what this means and how to fix it: > > > >=3D=3D=3D> cups-pstoraster-8.15.4_1 depends on shared library: cups.2 - > >not found > >=3D=3D=3D> Verifying install for cups.2 in /usr/ports/print/cups-base > >=3D=3D=3D> cups-base-1.3.3 is forbidden: remote execution of arbitrary = code. > >*** Error code 1 > > > >Stop in /FreeBSD/FreeBSD-current/ports/print/cups-base. > >*** Error code 1 > > > >Stop in /FreeBSD/FreeBSD-current/ports/print/cups-pstoraster. > >*** Error code 1 > > > >Stop in /FreeBSD/FreeBSD-current/ports/print/cups. > > >=20 > Hi Aryeh, >=20 > I can't tell you about the error, but: >=20 > %pkg_info | grep cups > cups-base-1.3.3 Common UNIX Printing System > cups-pstoraster-8.15.4_1 Postscript interpreter for CUPS printing to=20 > non-PS printers >=20 > Looks like the same versions. They do build ok. Perhaps a "make clean=20 > distclean" will shake out the bugs? >=20 > 'Remote execution' is interesting. Do you use some sort of load balancer? This means that there is a security flaw outstanding with the print/cups-ba= se package. It could potentially be exploited by an attacker to run arbitrary code on your print server.=20 The warning is being emitted by the following line in the print/cups-base= =20 Makefile: FORBIDDEN=3D remote execution of arbitrary code The fix would be to find the vulnerability and patch it, or failing that, contact the maintainer and see what he says. As a workaround, if you don't care about the vulnerability, you can set NO_IGNORE in the make environment and try again. ports(7) has more detail. Dan --=20 Daniel Bye _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ --WIyZ46R2i8wDzkSu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQFHNIb7ixf5fBYiFmoRAoFsAJ9cgxHhNFR349cTn9a2paYGVCh6oQCdFbxx /A5MLxfCnj1OeqYFT7BYjGs= =1/nv -----END PGP SIGNATURE----- --WIyZ46R2i8wDzkSu--