Date: Wed, 29 Oct 1997 09:28:04 -0700 (MST) From: Marc Slemko <marcs@znep.com> To: Hetzels@aol.com Cc: ports@freebsd.org, isp@freebsd.org Subject: Re: Apache FrontPage Module Port Completed Message-ID: <Pine.BSF.3.95.971029091816.22191H-100000@alive.znep.com> In-Reply-To: <971029102701_817384728@mrin42.mail.aol.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Erm... this makes no sense now. It appears you are not doing what you said you would. You said you were having things run as www and you needed the new user so they could be writable. That is a hole. Looking further, it appears like you are not doing this. If a user "www" exists, it has traditionally been used to run the server as. Using it for some different and obscure purpose will lead to trouble. Instead, you created this new user for no reason. Why is it necessary? You say the extensions have to write to the config file and that users have to make their home directory world writable. That does not fit at all with using fpexe, so I assumed you were not and that (as you said) the config files had to be writable by FrontPage. It appears that is not the case. The only thing I can figure out is that you are using Microsoft's install script and that it is broken and doesn't properly support fpexe; in that case, fix the script don't create another user. On Wed, 29 Oct 1997 Hetzels@aol.com wrote: > In a message dated 97-10-28 18:04:18 EST, marcs@znep.com (Marc Slemko) > writes: > > > And as I have said before and just said again in response to the PR > > submitting the port, this port also gives anyone instant root on your > > system. If that isn't desirable to you, I would suggest you hold off on > > using this port right now. > > > It doesn't give instant root, as it checks for uid < 11 & gid < 21 and > rejects them. Also, it will only run 4 programs (shtml.exe, fpcount.exe, > author.exe, or admin.exe), but before it runs them, it will change to the > owner of the directory that it is working in. > > Scot >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.971029091816.22191H-100000>