From owner-freebsd-ports Fri Oct 24 07:22:46 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA22470 for ports-outgoing; Fri, 24 Oct 1997 07:22:46 -0700 (PDT) (envelope-from owner-freebsd-ports) Received: from wireless.wdc.net (wireless.wdc.net [204.140.136.28]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA22464 for ; Fri, 24 Oct 1997 07:22:44 -0700 (PDT) (envelope-from bad@uhf.wireless.net) Received: from uhf.wireless.net (uhf.wdc.net [198.147.74.44]) by wireless.wdc.net (8.8.5/8.8.5) with ESMTP id HAA01344; Fri, 24 Oct 1997 07:21:31 -0700 (PDT) Received: from localhost (bad@localhost) by uhf.wireless.net (8.8.7/8.8.7) with SMTP id KAA02152; Fri, 24 Oct 1997 10:24:53 -0400 (EDT) Date: Fri, 24 Oct 1997 10:24:51 -0400 (EDT) From: Bernie Doehner To: Marc Slemko cc: "Scot W. Hetzel" , FreeBSD Ports Subject: Re: Apache w/FrontPage Module Port (fwd) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > Someone is saying they want to make a package of Apache with the > frontpage extensions. That's fine. There are enough people who > want to use them to make it worthwhile. Since that is the goal of the > particular port, you have to allow it. That doesn't mean it has to > have gaping security holes. Everyone is entitled to an opinion. > That is not what is being discussed. I made it clear that this > is an issue when it is started by root. My guess (and I think I It isn't? You aren't listening, I failed to mention that in the first message, but I certainly mentioned it in all followups and I am now saying it again, since you appear not to be listening. If the server is run by a uid that also owns the directories, it should be on a port higher than 1024 and NOT started by root.. There, should I say it again? > You suggested that, without qualification, that config files and Yes, in the first message.. Want me to say it again? > /usr/local/etc/apache should be owned by the user Apache runs as. This > advice is simply incorrect and should not be followed; bringing up special > cases after the fact does not change that. Come on, give it a rest.. Yes, I forgot to mention the port>1024, not started as user in the first message, but I have said it over and over again here..