From joshe@joshe.dyndns.org  Thu Aug  8 10:51:35 2002
Return-Path: <joshe@joshe.dyndns.org>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B4B6F37B400
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  8 Aug 2002 10:51:35 -0700 (PDT)
Received: from joshe.dyndns.org (adsl-141-154-84-124.ba-dsg.net [141.154.84.124])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 307AA43E6A
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  8 Aug 2002 10:51:35 -0700 (PDT)
	(envelope-from joshe@joshe.dyndns.org)
Received: by joshe.dyndns.org (Postfix, from userid 1000)
	id E75021477C0; Thu,  8 Aug 2002 13:51:33 -0400 (EDT)
Message-Id: <20020808175133.E75021477C0@joshe.dyndns.org>
Date: Thu,  8 Aug 2002 13:51:33 -0400 (EDT)
From: Josh Elsasser <jre@vineyard.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [MAINTAINER-UPDATE] www/cgiwrap: disable debug scripts by default
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         41454
>Category:       ports
>Synopsis:       [MAINTAINER-UPDATE] www/cgiwrap: disable debug scripts by default
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 08 11:00:03 PDT 2002
>Closed-Date:    Thu Aug 08 11:59:24 PDT 2002
>Last-Modified:  Thu Aug 08 11:59:24 PDT 2002
>Originator:     Josh Elsasser
>Release:        FreeBSD 4.6-STABLE i386
>Organization:
>Environment:
System: FreeBSD jade.nat 4.6-STABLE FreeBSD 4.6-STABLE #1: Wed Aug 7 23:07:11 EDT 2002 joshe@jade.nat:/usr/obj/usr/src/sys/JADE i386

>Description:
The debug scripts cgiwrapd and nph-cgiwrapd give away much information
about the CGI environment.

>How-To-Repeat:
	
>Fix:

Installs cgiwrapd/nph-cgiwrapd as a separate binary and removes suid
and execute permissions.  A note is added to pkg-message explaining
how to enable cgiwrapd/nph-cgiwrapd.

This fix was suggested by Neil Darlow <neil@darlow.co.uk>.

--- Makefile.orig	Mon Aug  5 13:28:44 2002
+++ Makefile	Thu Aug  8 13:01:42 2002
@@ -51,7 +51,11 @@
 	@${MKDIR} ${MAINCGIDIR}
 
 post-install:
-	strip ${MAINCGIDIR}/cgiwrap
+	${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
+	${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+	${CP} ${MAINCGIDIR}/cgiwrap ${MAINCGIDIR}/cgiwrapd
+	${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+	${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd
 .if !defined(NOPORTDOCS)
 	@${MKDIR} ${DOCSDIR}
 .for file in accesscontrol.html afs.html changes.html comments.html \


--- pkg-message.orig	Mon Aug  5 13:28:44 2002
+++ pkg-message	Thu Aug  8 13:12:04 2002
@@ -9,6 +9,10 @@
     ${PREFIX}/www/cgi-bin
 ...the default location for Apache's cgi-bin directory.
 
+The cgiwrapd and nph-cgiwrapd scripts are disabled by default, as they
+may give away sensitive information about the CGI environment.  To
+enable them, you must chmod 4755 ${PREFIX}/www/cgi-bin/cgiwrapd
+
 Access control enabled, you must create either
 ${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before
 cgiwrap will function.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dwcjr 
State-Changed-When: Thu Aug 8 11:59:14 PDT 2002 
State-Changed-Why:  
Committed, thanks! 

http://www.freebsd.org/cgi/query-pr.cgi?pr=41454 
>Unformatted:
