From owner-freebsd-isp Wed Oct 29 07:27:43 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA21590 for isp-outgoing; Wed, 29 Oct 1997 07:27:43 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from mrin42.mail.aol.com (mrin42.mx.aol.com [198.81.19.152]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA21562; Wed, 29 Oct 1997 07:27:33 -0800 (PST) (envelope-from Hetzels@aol.com) From: Hetzels@aol.com Received: (from root@localhost) by mrin42.mail.aol.com (8.8.5/8.7.3/AOL-2.0.0) id KAA28060; Wed, 29 Oct 1997 10:27:01 -0500 (EST) Date: Wed, 29 Oct 1997 10:27:01 -0500 (EST) Message-ID: <971029102701_817384728@mrin42.mail.aol.com> To: marcs@znep.com cc: ports@freebsd.org, isp@freebsd.org Subject: Re: Apache FrontPage Module Port Completed Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In a message dated 97-10-28 18:04:18 EST, marcs@znep.com (Marc Slemko) writes: > And as I have said before and just said again in response to the PR > submitting the port, this port also gives anyone instant root on your > system. If that isn't desirable to you, I would suggest you hold off on > using this port right now. > It doesn't give instant root, as it checks for uid < 11 & gid < 21 and rejects them. Also, it will only run 4 programs (shtml.exe, fpcount.exe, author.exe, or admin.exe), but before it runs them, it will change to the owner of the directory that it is working in. Scot