Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 24 Oct 1997 10:24:51 -0400 (EDT)
From:      Bernie Doehner <bad@uhf.wireless.net>
To:        Marc Slemko <marcs@znep.com>
Cc:        "Scot W. Hetzel" <hetzels@aol.com>, FreeBSD Ports <ports@FreeBSD.ORG>
Subject:   Re: Apache w/FrontPage Module Port (fwd)
Message-ID:  <Pine.BSF.3.96.971024095941.2081A-100000@uhf.wireless.net>
In-Reply-To: <Pine.BSF.3.95.971023232108.11617O-100000@alive.znep.com>

next in thread | previous in thread | raw e-mail | index | archive | help
> Someone is saying they want to make a package of Apache with the
> frontpage extensions.  That's fine.  There are enough people who
> want to use them to make it worthwhile.  Since that is the goal of the
> particular port, you have to allow it.  That doesn't mean it has to 
> have gaping security holes.

Everyone is entitled to an opinion.
 
> That is not what is being discussed.  I made it clear that this
> is an issue when it is started by root.  My guess (and I think I

It isn't? You aren't listening, I failed to mention that in the first
message, but I certainly mentioned it in all followups and I am now
saying it again, since you appear not to be listening. 

If the server is run by a uid that also owns the directories, it should be
on a port higher than 1024 and NOT started by root.. There, should I say
it again?

> You suggested that, without qualification, that config files and

Yes, in the first message..  Want me to say it again?

> /usr/local/etc/apache should be owned by the user Apache runs as.  This
> advice is simply incorrect and should not be followed; bringing up special
> cases after the fact does not change that.

Come on, give it a rest.. Yes, I forgot to mention  the port>1024, not
started as user in the first message, but I have said it over and over
again here.. 
 




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971024095941.2081A-100000>