Bugtraq mailing list archives
Re: Frontpage extensions under Apache 1.3.4
From: frankm () BEND OR US (Frank Miller)
Date: Tue, 23 Feb 1999 10:35:43 -0800
Marc/Nathan and other bugtraq folk, I utilized fp-patch_apache.1.3.0. It performed changes to httpd.h, httpd_request.c, util.c and of course dumped mod_frontpage.c. Ya'll are correct in that the actual extentions/CGI's are not avaialable. Sorry for the net misunderstanding! I should know better than to send e-mail public in the wee, wee hours of the morn after staying up for a few days working ;}. Frank
-----Original Message----- From: Neulinger, Nathan R. [mailto:nneul () umr edu] Sent: Tuesday, February 23, 1999 9:20 AM To: 'Frank Miller'; BUGTRAQ () netspace org Subject: RE: Frontpage extensions under Apache 1.3.4 The only thing you get source to is the setuid portion and the apache patch. What good does that do you? You still have to trust everything that the setuid routine runs... (i.e. the frontpage executable itself) I have managed to get frontpage installed in a chrooted environment. This is about the only way I'd even vaguely consider installing it. I have it set up for virtual hosted customers (at a local isp) that have chosen to _only_ use frontpage. They either get regular access to a normal virtual host, or they get a frontpage host. -- Nathan ------------------------------------------------------------ Nathan Neulinger EMail: nneul () umr edu University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216-----Original Message----- From: Frank Miller [mailto:frankm () BEND OR US] Sent: Monday, February 22, 1999 1:36 PM To: BUGTRAQ () netspace org Subject: Re: Frontpage extensions under Apache 1.3.4 Source is available for Apache FP extentions up to Apache 1.3.*. Have not performed an audit of the source. I have suceeded with minimal munging to apply the patch to Apache 1.3.4. They are rather well hidden on the Microsoft FrontPage admin web site ;]. Frank-----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () netspace org]On BehalfOf Alan BrownSent: Sunday, February 21, 1999 7:16 PM To: BUGTRAQ () netspace org Subject: Re: Frontpage extensions under Apache 1.3.4 On Fri, 19 Feb 1999, Sitzkrieg Redundus wrote:I spent the bulk my time a few days back convincing theFrontpage 98extensions and Apache 1.3.4 (patched with patch version3.0.4.3) to playnicely. After banging my head against it for a few hours, I gotthings towhat I thought was a workable point, and fired up httpd. Andgot an errorback about there being a syntax error on line 1 of /dev/null.Has anyone properly audited the current Front Pageextensions for anyApache server? My understanding is that these are available soley as binary/object files and inspection of source is impossible. I'd love to know if this has changed, as we refuse to install FP extensions because for all we know they may be swiss cheese. Many other apache server admins will have taken the same position. AB
Current thread:
- Frontpage extensions under Apache 1.3.4 Sitzkrieg Redundus (Feb 19)
- Re: Frontpage extensions under Apache 1.3.4 Alan Brown (Feb 21)
- Re: Frontpage extensions under Apache 1.3.4 Frank Miller (Feb 22)
- Re: Frontpage extensions under Apache 1.3.4 greg (Feb 22)
- Re: Frontpage extensions under Apache 1.3.4 pedward () WEBCOM COM (Feb 22)
- <Possible follow-ups>
- Re: Frontpage extensions under Apache 1.3.4 Paul Schandel (Feb 22)
- Re: Frontpage extensions under Apache 1.3.4 Alexander Sanda (Feb 22)
- Re: Frontpage extensions under Apache 1.3.4 Frank Miller (Feb 23)
- Re: Frontpage extensions under Apache 1.3.4 Alan Brown (Feb 21)