Date: Fri, 24 Apr 1998 17:40:02 -0700 (PDT) From: "Scot W. Hetzel" <hetzels@westbend.net> To: freebsd-ports Subject: ports/4878: Apache w/FrontPage Module Port Another Security Fix Message-ID: <199804250040.RAA09843@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/4878; it has been noted by GNATS. From: "Scot W. Hetzel" <hetzels@westbend.net> To: <freebsd-gnats-submit@freebsd.org> Cc: Subject: ports/4878: Apache w/FrontPage Module Port Another Security Fix Date: Fri, 24 Apr 1998 19:33:48 -0500 Please remove the following apache-fp ports files from the /pub/FreeBSD/incoming directory as they are obsolete: 4878.apache-fp.126.b.tgz 4878.apache-fp.126_126.b.diff The latest Apache-fp port is v126.C and is currently located on http://www.westbend.net/~hetzels/apache-fp and ftp://ftp.freebsd.org/pub/FreeBSD/incoming as: 4878.apache-fp.126.c.tgz 4878.apache-fp.126.b_126.c.diff This version of the apache-fp port corrects the following problems: 1. Corrects problem where SUEXEC was executing fpexe as root, users could possibly create a script called "fpexe" and gain root privliges. To compile apache-fp with suexec support: make [build|install] -DSUEXEC [HTTPD_USER=<UID Server Runs as>] NOTE: The default user suexec runs as is "www". So please check your httpd.conf file to determine the user your server is running as. If there are no objections to the port, could somebody please submit it to the Ports Collection? Thanks, Scot W. Hetzel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804250040.RAA09843>