On Wednesday 16 July 2008 19:58:22 tethys ocean wrote:

>   Verifying install for /usr/local/lib/php/20060613/posix.so in
> /usr/ports/sysutils/php5-posix
> ===>  php5-posix-5.2.6 has known vulnerabilities:
> => php -- input validation error in posix_access function.
>    Reference: <
> http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849
>.html

Yeah, this is a pretty bogus 'vulnerability', since no sane person uses 
safe_mode.
For the time being, I've added the following to /etc/make.conf, but I'm 
looking to see if I can come up with a patch for the ports system that allows 
you to specify vuln id's you want to ignore.

.if !empty(.CURDIR:M*sysutils/php5-posix*)
DISABLE_VULNERABILITIES=yes
.endif

-- 
Mel

Problem with today's modular software: they start with the modules
    and never get to the software part.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to