From: "Michael Stauber" Hi Michael,
> > After this and some option-setting Privege separation seems to work fine. > > Correct. That's what I did in my PKGs for the RaQ3, RaQ4, Qube3 and XTR as > well: compile OpenSSH *with* PrivSep and then disable it specifically in > sshd_config I read in another mail you allready found out that setting Compression to "no" (and not as I typo-d "No", thanks to John) and activating PrivSep would do the trick. I by the way did install OpenSSL 0.9.6d, assuming backward compatibility of the libs. Nothing broke just now. > > My next project will be compiling Apache 2.X, together with mod_perl, a new > > perl (needed too), and php. > > I'm not sure if that's a wise idea. So far I still doubt the stability of > Apache 2.X a little, but by all means I'd be interested in your progress on > that if you decide to give it a go. > > FWIW: Compiling and running Apache-1.3.26 isn't that big of an issue if you > can afford to do without Chilisoft and Frontpage support. Aside from that > it's still possible to run the AdmServ. Yeah, I could not see all the consequences for those versions. It seemed I needed to recompile at least php, mod_ssl, mod_auth_pam and mod_perl as well. And mod_perl complained about the old perl version, so that would add a new perl dist to the list. Loosing Chilisoft would be a bit of a downer, but I guess I still own a license so I could get a new one? As for frontpage, I did not know it needed some software support. I thought it was just adding the right dirs and use some <limit PUT> stuff? So then I thought: if I have to do all this, I'd better switch to Apace 2.x now and save me time. mod_ssl is a normal module there, not a patch. And it gives you some nice tricks like cgi's outputting shtml etc. >From a security viewpoint: Adminserver can run perfectly on apache 1.3.20 with the view blowchunks <perl></perl> lines added to the conf. This will break the next time Cobalt brings out an update. For now, I'm also happy with the blowchunks <perl></perl> in the normal apache conf, so I'll probabely wait till summer is gone before doing all this work... (see http://online.securityfocus.com/archive/1/278281 for this blowchunks patch). Jelmer BTW: I seem to have lost the abiliy to spell the word necessairy correctly. Any hints? _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
