aboutsummaryrefslogtreecommitdiffstats
path: root/www
diff options
context:
space:
mode:
authordwcjr <dwcjr@FreeBSD.org>2002-08-09 02:58:23 +0800
committerdwcjr <dwcjr@FreeBSD.org>2002-08-09 02:58:23 +0800
commit6b68657a8eb3574b973d1072a701c9130f01fe22 (patch)
tree67c318d01177ce3045d3d9de341f2d71dfdf1193 /www
parent62027e29283631029f2f63584f4067c4a0504c8e (diff)
downloadfreebsd-ports-gnome-6b68657a8eb3574b973d1072a701c9130f01fe22.tar.gz
freebsd-ports-gnome-6b68657a8eb3574b973d1072a701c9130f01fe22.tar.zst
freebsd-ports-gnome-6b68657a8eb3574b973d1072a701c9130f01fe22.zip
Install cgiwrapd/nph-cgiwrapd as a separate binary and removes suid
and execute permissions for security reasons PR: 41454 Submitted by: maintainer
Diffstat (limited to 'www')
-rw-r--r--www/cgiwrap/Makefile7
-rw-r--r--www/cgiwrap/pkg-message4
2 files changed, 10 insertions, 1 deletions
diff --git a/www/cgiwrap/Makefile b/www/cgiwrap/Makefile
index d8926489f8eb..f16432e85f78 100644
--- a/www/cgiwrap/Makefile
+++ b/www/cgiwrap/Makefile
@@ -7,6 +7,7 @@
PORTNAME= cgiwrap
PORTVERSION= 3.7.1
+PORTREVISION= 1
CATEGORIES= www security
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= ${PORTNAME}
@@ -51,7 +52,11 @@ pre-install:
@${MKDIR} ${MAINCGIDIR}
post-install:
- strip ${MAINCGIDIR}/cgiwrap
+ ${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
+ ${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+ ${CP} ${MAINCGIDIR}/cgiwrap ${MAINCGIDIR}/cgiwrapd
+ ${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+ ${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd
.if !defined(NOPORTDOCS)
@${MKDIR} ${DOCSDIR}
.for file in accesscontrol.html afs.html changes.html comments.html \
diff --git a/www/cgiwrap/pkg-message b/www/cgiwrap/pkg-message
index c4dfb9e01971..cc9557fe7320 100644
--- a/www/cgiwrap/pkg-message
+++ b/www/cgiwrap/pkg-message
@@ -9,6 +9,10 @@ The cgiwrap scripts have been installed in:
${PREFIX}/www/cgi-bin
...the default location for Apache's cgi-bin directory.
+The cgiwrapd and nph-cgiwrapd scripts are disabled by default, as they
+may give away sensitive information about the CGI environment. To
+enable them, you must chmod 4755 ${PREFIX}/www/cgi-bin/cgiwrapd
+
Access control enabled, you must create either
${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before
cgiwrap will function.