From owner-freebsd-ports-bugs@FreeBSD.ORG Sun Apr 17 14:57:07 2005 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7344816A4CE; Sun, 17 Apr 2005 14:57:07 +0000 (GMT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3ACB543D1F; Sun, 17 Apr 2005 14:57:07 +0000 (GMT) (envelope-from lawrance@FreeBSD.org) Received: from freefall.freebsd.org (lawrance@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.3/8.13.3) with ESMTP id j3HEv7Ds011605; Sun, 17 Apr 2005 14:57:07 GMT (envelope-from lawrance@freefall.freebsd.org) Received: (from lawrance@localhost) by freefall.freebsd.org (8.13.3/8.13.1/Submit) id j3HEv6XA011601; Sun, 17 Apr 2005 14:57:06 GMT (envelope-from lawrance) Date: Sun, 17 Apr 2005 14:57:06 GMT From: Sam Lawrance Message-Id: <200504171457.j3HEv6XA011601@freefall.freebsd.org> To: skywizard@time.net.my, lawrance@FreeBSD.org, freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/25272: Using lang/eperl as cgi/nph binary executor can give anybody the ability to view the content of any file X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Apr 2005 14:57:07 -0000 Synopsis: Using lang/eperl as cgi/nph binary executor can give anybody the ability to view the content of any file State-Changed-From-To: feedback->closed State-Changed-By: lawrance State-Changed-When: Sun Apr 17 14:55:12 GMT 2005 State-Changed-Why: The problem described is not specific to FreeBSD. A warning has been added to pkg-message describing the consequences of using eperl in CGI mode. http://www.freebsd.org/cgi/query-pr.cgi?pr=25272