From owner-freebsd-isp Wed Oct 29 07:31:32 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA21876 for isp-outgoing; Wed, 29 Oct 1997 07:31:32 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from mrin41.mail.aol.com (mrin41.mx.aol.com [198.81.19.151]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA21858; Wed, 29 Oct 1997 07:31:25 -0800 (PST) (envelope-from Hetzels@aol.com) From: Hetzels@aol.com Received: (from root@localhost) by mrin41.mail.aol.com (8.8.5/8.7.3/AOL-2.0.0) id KAA14948; Wed, 29 Oct 1997 10:30:53 -0500 (EST) Date: Wed, 29 Oct 1997 10:30:53 -0500 (EST) Message-ID: <971029103052_1078707231@mrin41.mail.aol.com> To: karl@mcs.net cc: ports@freebsd.org, isp@freebsd.org Subject: Re: Apache FrontPage Module Port Completed Sender: owner-freebsd-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In a message dated 97-10-28 18:26:35 EST, karl@Mcs.Net (Karl Denninger) writes: > SUID root programs for file transfers should be confined to those which have > many YEARS of experience under their belts - like ftpd. There is absolutely > NO REASON that Microsoft could not support FTP transfers from Frontpage, and > if they did, this entire security fiasco would be moot. > > And yes, I've told Microsoft this -- for almost two years. > > They don't care, and until they do, I'm not risking my machines on their > no-source code. > But they have provided the source code for the FrontPage Module & the fpexe program. Take a look at it. If there is a patch to make it safer let me know and I will gladly include it into the port. Scot