vulnerabilities and installation options
Mel
fbsd.questions at rachie.is-a-geek.net
Wed Jul 16 18:51:33 UTC 2008
On Wednesday 16 July 2008 19:58:22 tethys ocean wrote:
> Verifying install for /usr/local/lib/php/20060613/posix.so in
> /usr/ports/sysutils/php5-posix
> ===> php5-posix-5.2.6 has known vulnerabilities:
> => php -- input validation error in posix_access function.
> Reference: <
> http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849
>.html
Yeah, this is a pretty bogus 'vulnerability', since no sane person uses
safe_mode.
For the time being, I've added the following to /etc/make.conf, but I'm
looking to see if I can come up with a patch for the ports system that allows
you to specify vuln id's you want to ignore.
.if !empty(.CURDIR:M*sysutils/php5-posix*)
DISABLE_VULNERABILITIES=yes
.endif
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
More information about the freebsd-questions
mailing list