Stories
Slash Boxes
Comments

Slash Open Source Project

Slashcode Log In

[ Create a new account ]

Temporary Workaround For CVS Vulnerability

posted by jamiemccarthy on 04:05 PM December 16th, 2004   Printer-friendly   Email story
We've gotten a couple of questions about whether there will be a workaround for site admins who don't want to upgrade into x_2_5_* CVS but who don't want to just wait until the patch comes out next week.

For security reasons, we don't want to reveal too much of what's going on until everyone has had a chance to upgrade, but we will say that you can temporarily make your site immune to the vulnerability by removing the symlinks to search.pl and submit.pl.

I.e.:

# rm /usr/local/slash/site/yoursitename/htdocs/{search, submit}.pl

This will obviously break some functionality on your website. Whether you prefer that to upgrading, and/or to being vulnerable for the next week, is up to you.

Assuming you installed your theme with symlinks (the default), to restore those files at any time later you would run symlink-tool:

# /usr/local/slash/bin/symlink-tool -u yourvirtuser -U

This discussion has been archived. No new comments can be posted.
Display Options Threshold:
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.