From owner-freebsd-isp  Wed Oct 29 07:27:43 1997
Return-Path: <owner-freebsd-isp>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id HAA21590
          for isp-outgoing; Wed, 29 Oct 1997 07:27:43 -0800 (PST)
          (envelope-from owner-freebsd-isp)
Received: from mrin42.mail.aol.com (mrin42.mx.aol.com [198.81.19.152])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA21562;
          Wed, 29 Oct 1997 07:27:33 -0800 (PST)
          (envelope-from Hetzels@aol.com)
From: Hetzels@aol.com
Received: (from root@localhost)
	  by mrin42.mail.aol.com (8.8.5/8.7.3/AOL-2.0.0)
	  id KAA28060;
	  Wed, 29 Oct 1997 10:27:01 -0500 (EST)
Date: Wed, 29 Oct 1997 10:27:01 -0500 (EST)
Message-ID: <971029102701_817384728@mrin42.mail.aol.com>
To: marcs@znep.com
cc: ports@freebsd.org, isp@freebsd.org
Subject: Re: Apache FrontPage Module Port Completed
Sender: owner-freebsd-isp@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In a message dated 97-10-28 18:04:18 EST, marcs@znep.com (Marc Slemko)
writes:

> And as I have said before and just said again in response to the PR
>  submitting the port, this port also gives anyone instant root on your
>  system.  If that isn't desirable to you, I would suggest you hold off on
>  using this port right now.
>  
It doesn't give instant root, as it checks for uid < 11 & gid < 21 and
rejects them. Also, it will only run 4 programs (shtml.exe, fpcount.exe,
author.exe, or admin.exe), but before it runs them, it will change to the
owner of the directory that it is working in.

Scot