Source is availble for two elements of the extensions: fpexe.c mod_frontpage.c The mod_frontpage is the apache module used for the extensions. The fpexe file is a wrapper program that executes the other programs. It is the program that is supposed to be secure. These two are the only source code files available. The rest of the extensions are closed, and you can not review the source code. On Mon, 22 Feb 1999, Alan Brown wrote: > On Fri, 19 Feb 1999, Sitzkrieg Redundus wrote: > > > I spent the bulk my time a few days back convincing the Frontpage 98 > > extensions and Apache 1.3.4 (patched with patch version 3.0.4.3) to play > > nicely. After banging my head against it for a few hours, I got things to > > what I thought was a workable point, and fired up httpd. And got an error > > back about there being a syntax error on line 1 of /dev/null. > > Has anyone properly audited the current Front Page extensions for any > Apache server? My understanding is that these are available soley as > binary/object files and inspection of source is impossible. > > I'd love to know if this has changed, as we refuse to install FP > extensions because for all we know they may be swiss cheese. > > Many other apache server admins will have taken the same position.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:37:25 PDT