From owner-freebsd-current Tue Jun 6 20:15:38 2000 Delivered-To: freebsd-current@freebsd.org Received: from mail.westbend.net (ns1.westbend.net [209.224.254.131]) by hub.freebsd.org (Postfix) with ESMTP id AC23237BAB8; Tue, 6 Jun 2000 20:15:31 -0700 (PDT) (envelope-from hetzels@westbend.net) Received: from admin (admin.westbend.net [209.224.254.141]) by mail.westbend.net (8.9.3/8.9.3) with SMTP id WAA26787; Tue, 6 Jun 2000 22:15:21 -0500 (CDT) (envelope-from hetzels@westbend.net) Message-ID: <001d01bfd02e$9db01960$8dfee0d1@westbend.net> From: "Scot W. Hetzel" To: "Terry Lambert" , "Phil Regnauld" Cc: "FreeBSD-Ports" , References: <00ea01be374a$b11fa020$1acb2e9c@westbend.net> <199901190354.UAA04699@usr04.primenet.com> <20000606103459.40497@flow.eu.org> Subject: Re: FrontPage Extensions Date: Tue, 6 Jun 2000 22:15:21 -0500 Organization: West Bend Internet MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4029.2901 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4029.2901 Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG From: "Phil Regnauld" > Terry Lambert writes: > > For what it's worth, the FP security issues are very well documented > > by ReadyToRun Software's site (these are the folks who do the UNIX > > ports for Microsoft). > > > > They also keep both BSDI 2.1 and 3.0 binaries available, and they > > know about FreeBSD (it's mentioned in the FAQ as an unsupported > > platform; apparently someone was having problems with the MD5 > > password hashing. Someone who cares should send them mail on how > > to update their FAQ to be more correct, and to raise FreeBSD's > > visibility as a platform -- e.g. what versions to us4e for > > what, install instructions for FreeBSD, etc.). > > FWIW, they now have a native FreeBSD version (FP extensions > SR1, the port needs to be updated BTW) -- works like a charm with minor > changes to one of the port patches. > Yes, there is only a minor change that is needed to the port to get it working with FP 2K SR1. See PR 18581, PR 18788 I did find a problem with fpsrvadm.exe. If you have libcrypt linked to libscrypt, then fpsrvadm.exe creates an invalid MD5 password (I believe the buffer RTR used to hold the password returned from the crypt function is too small for the MD5 passwords). I have informed RTR and they said a fix would be available in the next release. For the time being the port (apache13-fp, or upcomming mod_frontpage) will still need to use the BSDI extentions, and statically compile the apache server with libdescrypt.a on systems where libcrypt is linked to libscrypt. > Caveat: if you misconfigure your VirtualHost in some way, any call > to the FP-patched Apache to that subweb's /_vti_bin/ will make it > (apache) segfault. > > Will debug this if I find time. > I haven't come across this problem. But I do know that it will segfault if you are not using a patched suexec, as the unpatched suexec will not allow fpexe to run. Scot PS. This is off topic for current, so please remove current when replying. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message