Marc/Nathan and other bugtraq folk, I utilized fp-patch_apache.1.3.0. It performed changes to httpd.h, httpd_request.c, util.c and of course dumped mod_frontpage.c. Ya'll are correct in that the actual extentions/CGI's are not avaialable. Sorry for the net misunderstanding! I should know better than to send e-mail public in the wee, wee hours of the morn after staying up for a few days working ;}. Frank > -----Original Message----- > From: Neulinger, Nathan R. [mailto:nneulat_private] > Sent: Tuesday, February 23, 1999 9:20 AM > To: 'Frank Miller'; BUGTRAQat_private > Subject: RE: Frontpage extensions under Apache 1.3.4 > > > The only thing you get source to is the setuid portion and the > apache patch. > What good does that do you? You still have to trust everything that the > setuid routine runs... (i.e. the frontpage executable itself) > > I have managed to get frontpage installed in a chrooted > environment. This is > about the only way I'd even vaguely consider installing it. I > have it set up > for virtual hosted customers (at a local isp) that have chosen to > _only_ use > frontpage. They either get regular access to a normal virtual > host, or they > get a frontpage host. > > -- Nathan > > ------------------------------------------------------------ > Nathan Neulinger EMail: nneulat_private > University of Missouri - Rolla Phone: (573) 341-4841 > Computing Services Fax: (573) 341-4216 > > > -----Original Message----- > > From: Frank Miller [mailto:frankmat_private] > > Sent: Monday, February 22, 1999 1:36 PM > > To: BUGTRAQat_private > > Subject: Re: Frontpage extensions under Apache 1.3.4 > > > > > > Source is available for Apache FP extentions up to Apache > > 1.3.*. Have not > > performed an audit > > of the source. I have suceeded with minimal munging to apply > > the patch to > > Apache 1.3.4. > > > > They are rather well hidden on the Microsoft FrontPage admin > > web site ;]. > > > > Frank > > > > > -----Original Message----- > > > From: Bugtraq List [mailto:BUGTRAQat_private]On Behalf > > Of Alan Brown > > > Sent: Sunday, February 21, 1999 7:16 PM > > > To: BUGTRAQat_private > > > Subject: Re: Frontpage extensions under Apache 1.3.4 > > > > > > > > > On Fri, 19 Feb 1999, Sitzkrieg Redundus wrote: > > > > > > > I spent the bulk my time a few days back convincing the > > Frontpage 98 > > > > extensions and Apache 1.3.4 (patched with patch version > > 3.0.4.3) to play > > > > nicely. After banging my head against it for a few hours, I got > > > things to > > > > what I thought was a workable point, and fired up httpd. And > > > got an error > > > > back about there being a syntax error on line 1 of /dev/null. > > > > > > Has anyone properly audited the current Front Page > > extensions for any > > > Apache server? My understanding is that these are available soley as > > > binary/object files and inspection of source is impossible. > > > > > > I'd love to know if this has changed, as we refuse to install FP > > > extensions because for all we know they may be swiss cheese. > > > > > > Many other apache server admins will have taken the same position. > > > > > > AB > > > > > >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:37:20 PDT