Date: Tue, 28 Oct 1997 15:51:43 -0600 From: Karl Denninger <karl@Mcs.Net> To: Marc Slemko <marcs@znep.com> Cc: FreeBSD Ports <ports@FreeBSD.ORG>, FreeBSD ISP <isp@FreeBSD.ORG> Subject: Re: Apache FrontPage Module Port Completed Message-ID: <19971028155143.46119@Mars.Mcs.Net> In-Reply-To: <Pine.BSF.3.95.971028141329.17238C-100000@alive.znep.com>; from Marc Slemko on Tue, Oct 28, 1997 at 02:14:35PM -0700 References: <01bce3e1$541c0340$0500000a@hetzels> <Pine.BSF.3.95.971028141329.17238C-100000@alive.znep.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I STRONGLY recommend that NOBODY load a botch of this kind on ANYTHING. SUID root programs for file transfers should be confined to those which have many YEARS of experience under their belts - like ftpd. There is absolutely NO REASON that Microsoft could not support FTP transfers from Frontpage, and if they did, this entire security fiasco would be moot. And yes, I've told Microsoft this -- for almost two years. They don't care, and until they do, I'm not risking my machines on their no-source code. -- -- Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | NEW! K56Flex modem support is now available Voice: [+1 312 803-MCS1 x219]| 56kbps DIGITAL ISDN DOV on analog lines! Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal On Tue, Oct 28, 1997 at 02:14:35PM -0700, Marc Slemko wrote: > And as I have said before and just said again in response to the PR > submitting the port, this port also gives anyone instant root on your > system. If that isn't desirable to you, I would suggest you hold off on > using this port right now. > > On Tue, 28 Oct 1997, Scot W. Hetzel wrote: > > > I have completed the port of Apache that uses the FrontPage Module. The > > port can be found at: > > > > ftp://ftp.freebsd.org/pub/FreeBSD/incoming/apache-fp.port.tgz > > > > This port adds the FrontPage Module to Apache, compiles it and installs the > > server. It will then run the fp_install.sh script that will install the BSDI > > 3.0 FrontPage Server Extensions (fp30.bsdi3.tar.Z). It will set the > > permissions for the apache-fp web server, assign an Administrator, and > > install the root web. It will also install per-user webs, and virtual webs > > as directed. > > > > NOTE: > > 1. A New user (www) & group (www) is created during the install as the > > directories /usr/local/etc/apache & /usr/local/www/data must be owned by the > > same user so that new sub-webs can be created. > > > > 2. In order to create a sub-web in a user's directory (~somebody) from > > FrontPage 98, you must first make their directory world writeable. After > > the sub-web is created you should set the permissions back to your sites > > default and make the user the owner of the public_html directory. > > > > Scot > > > > Sorry for the crosspost, but please delete the appropriate address from all > > replies. > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19971028155143.46119>