Date: Fri, 24 Oct 1997 10:24:51 -0400 (EDT) From: Bernie Doehner <bad@uhf.wireless.net> To: Marc Slemko <marcs@znep.com> Cc: "Scot W. Hetzel" <hetzels@aol.com>, FreeBSD Ports <ports@FreeBSD.ORG> Subject: Re: Apache w/FrontPage Module Port (fwd) Message-ID: <Pine.BSF.3.96.971024095941.2081A-100000@uhf.wireless.net> In-Reply-To: <Pine.BSF.3.95.971023232108.11617O-100000@alive.znep.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Someone is saying they want to make a package of Apache with the > frontpage extensions. That's fine. There are enough people who > want to use them to make it worthwhile. Since that is the goal of the > particular port, you have to allow it. That doesn't mean it has to > have gaping security holes. Everyone is entitled to an opinion. > That is not what is being discussed. I made it clear that this > is an issue when it is started by root. My guess (and I think I It isn't? You aren't listening, I failed to mention that in the first message, but I certainly mentioned it in all followups and I am now saying it again, since you appear not to be listening. If the server is run by a uid that also owns the directories, it should be on a port higher than 1024 and NOT started by root.. There, should I say it again? > You suggested that, without qualification, that config files and Yes, in the first message.. Want me to say it again? > /usr/local/etc/apache should be owned by the user Apache runs as. This > advice is simply incorrect and should not be followed; bringing up special > cases after the fact does not change that. Come on, give it a rest.. Yes, I forgot to mention the port>1024, not started as user in the first message, but I have said it over and over again here..
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971024095941.2081A-100000>