From owner-freebsd-hackers  Tue Feb 21 15:24:59 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id PAA18767 for hackers-outgoing; Tue, 21 Feb 1995 15:24:59 -0800
Received: from grendel.csc.smith.edu (grendel.csc.smith.edu [131.229.64.23]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id PAA18761 for <hackers@freebsd.org>; Tue, 21 Feb 1995 15:24:55 -0800
Received: from localhost (jfieber@localhost) by grendel.csc.smith.edu (8.6.5/8.6.5) id SAA28355; Tue, 21 Feb 1995 18:24:47 -0500
From: jfieber@cs.smith.edu (John Fieber)
Message-Id: <199502212324.SAA28355@grendel.csc.smith.edu>
Subject: Re: NCSA Httpd 1.3 for FBSD 1.1.5.1?
To: lsys@np.ac.sg (SysAdmin - Ng Pheng Siong)
Date: Tue, 21 Feb 1995 18:24:47 -0500 (EST)
Cc: hackers@FreeBSD.org
In-Reply-To: <199502200303.LAA19238@moondance.np.ac.sg> from "SysAdmin - Ng Pheng Siong" at Feb 20, 95 09:11:24 am
Content-Type: text
Content-Length: 634       
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

SysAdmin - Ng Pheng Siong writes:
> BTW, there has been some concern regarding the security of CERN's bulky 
> common library code, wrt running it on a firewall. Some one at Boulder 
> is working on a simpler caching proxy. Can't recall off-hand, but I can dig 
> the reference up if anyone cares.

Another BTW, I recieved a CERT advisory regarding the NCSA
server.  It included patches.  Apparently it is possible to coax
the server into running arbitrary scripts or somesuch.

-john

=== jfieber@cs.smith.edu ================================================
=================================== Come up and be a kite!  --K. Bush ===