Date: Tue, 28 Oct 1997 13:10:03 -0800 (PST) From: Marc Slemko <marcs@znep.com> To: freebsd-ports Subject: Re: ports/4878: Apache w/FrontPage Module Port Message-ID: <199710282110.NAA20940@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/4878; it has been noted by GNATS. From: Marc Slemko <marcs@znep.com> To: "Scot W. Hetzel" <hetzels@aol.com> Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: ports/4878: Apache w/FrontPage Module Port Date: Tue, 28 Oct 1997 14:12:13 -0700 (MST) On Tue, 28 Oct 1997, Scot W. Hetzel wrote: > >Description: > This port patches the Apache sources & the FrontPage Server Extensions so > that the FrontPage Module can be compiled into the Apache Server. It will > then create a user (www) & group (www), so that sub-webs may be created > using FrontPage 98, because the directories /usr/local/etc/apache & > /usr/local/www/data must be owned by the same user. I have said this before and I will say this again: this is a damn big security hole and must not be done. If you install this port, anyone can get root on the system you install it on without any effort. This is not acceptable. Microsoft includes patches for Apache and a program called fpexe for this very reason. While I don't particularily recommend them (although the new fixed version seems reasonable; haven't had time to look at it fully yet though), they are a _LOT_ better than giving everyone instant root on the server. -- Marc Slemko | Apache team member marcs@znep.com | marc@apache.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199710282110.NAA20940>