On Oct 13, 2006, at 10:43 AM, Bill Blue wrote:
> It took some massaging, but I was finally able to get all the ports
> re-compiled except one, that in the subject line.
>
> php5-5.1.6 refuses to build because of Known Vulnerabilities: php
> -- _ecalloc integer overflow vulnerability,
>
> php5-5.1.6_1 refuses to build also because of Known
> Vulnerabilities: php -- open_basedir race condition vulnerabilities.
>
> Any suggestions?

1) Install PHP anyway, knowing that it contains known, exploitable
vulnerabilities, via:

    cd /usr/ports/lang/php5 && DISABLE_VULNERABILITIES=yes make install

Be aware that people are actively exploiting PHP-based apps using
this hole right now.

Be prepared to reinstall your machine completely from scratch after
it gets hacked.

2) Live without PHP and anything which uses it.

I recommend choosing option #2, where possible, otherwise restricting
the use of PHP to machines which do not contain confidential or
important data, and are kept in your network's DMZ or similar
"semi-trusted" subnet, rather than on your internal LAN.

--
-Chuck
_______________________________________________
freebsd-ports mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports