[4175] in bugtraq
Re: Frotpage Extensions and Unix
daemon@ATHENA.MIT.EDU (M.)
Sat Mar 15 14:31:33 1997
Date: Sat, 15 Mar 1997 14:02:32 -0500
Reply-To: "M." <mjastrem@THUNDER.OCIS.TEMPLE.EDU>
From: "M." <mjastrem@THUNDER.OCIS.TEMPLE.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199703141702.SAA21224@user.muenchen.roses.de>
On Mon, 10 Mar 1997, Roland Spatzenegger wrote:
> has anyone ever checked the Unix Frontpage Extensions for security holes ?
> (Haven't found anything in the mailimglist archiv)
> They are distributed as binaries and run as suid root (and are from M$ .-).
>
We were investigating installing them here at Temple U. on the request of
a faculty member. Upon installing FP I it dawned on me that they were entirely
too messy and dangerous to use. (They also managed to take control of
99% of the CPU for a couple of hours!). Rather than risk duplication of
effort, see the following pointer for details :
http://www.mr.net/~fritchie/frontpage.html .
//Michael.
. + . ^
, \|/ michael jastremski ( mike@temple.edu
* -[ ]- http://newsroom.temple.edu ) http://thunder.temple.edu/~mjastrem
. /|\ temple universe // philadelphia, USA
0 .
