Date: Fri, 12 Mar 1999 10:29:35 -0800 (PST) From: Marc Slemko <marcs@znep.com> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: BSD/OS compatibility (was: cvs commit: src/sys/i386/conf .. Message-ID: <Pine.BSF.4.05.9903121017420.15783-100000@alive.znep.com> In-Reply-To: <19990312155153.A39673@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 12 Mar 1999, Andrey A. Chernov wrote: > On Fri, Mar 12, 1999 at 01:25:44PM +0100, Poul-Henning Kamp wrote: > > Andrey, We're not in the business of selling a religion, we're in the > > business of providing our users with tools and solutions. > > It is strange to provide users with the tools that allow anyone to damage > their files, but if you do that, you know, what you do (it seems that now > almost any weirdness can be done for big money). So, just FYI: most > companies which provide free WWW hosting do not allow FrontPage Extensions > for this reason. For some holes description look at: > > ---------------------------------------------------------------------- > Micro$oft's attempt at FrontPage 98 server-side extensions for Apache > > Summary > > Description: The setuid root program (fpexe) which comes with the > FrontPage extensions is a pathetic joke security-wise, as Marc Slemko > demonstrates. > Author: Marc Slemko <marcs@ZNEP.COM> Since I'm the one that wrote that, maybe you will believe me when I say a couple of things: 1. The issues directly addressed there were fixed by Microsoft a short time after I posted it originally. There are still issues, but they are of a more... oblique nature. 2. It isn't anyone's job to decree that BSD/OS compatibility isn't important because some of the applications that people do use it for have security issues. The fact is that, in certain environments, BSD/OS compatibility is critical. It may be growing less critical, but saying that most BSD/OS binaries can't run on FreeBSD is incorrect. Code generated on BSD/OS 2.x and 3.x with "cc", "gcc", or "gcc2" will run just fine. Because of the fact that you had to use "shlicc2" to use their static shared library scheme, a huge array of software is currently compatible with FreeBSD. There is no reason not to provide a backwards compatibility option. Perhaps compatibility should be the default. Perhaps it should have to be enabled. I'm sure the code will end up written and, hopefully, there will be no silly political agendas that prevent it from being committed. In fact, right now we are running 160000 virtual domains on BSD/OS boxes and, in the long run, there is a possibility of switching to FreeBSD. We don't have any choice but to allow frontpage extensions. The Linux ones would probably work, but I would prefer to use the BSD/OS ones for a few reasons. This is just one particular example; of course I can hack a kernel so that compatibility works again. Dismissing all BSD/OS apps (even though they are a shrinking few) because you don't have any need for them is silly. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9903121017420.15783-100000>