[rrd-users] 14all: new location / security fix / new release

Rainer Bawidamann rainer.bawidamann at web.de
Thu Feb 7 23:17:28 MET 2002


Hi all!

14all ON SOURCEFORGE

I finally managed to put 14all to sourceforge, just-in-time for the
security problem. You can find future versions here:

       http://my14all.sourceforge.net/


SECURITY: QUICK FIX

A quick fix for the security problem is to remove the following two lines
from your copy of 14all.cgi:

BEGIN { eval { require CGI::Carp; import CGI::Carp qw/fatalsToBrowser/ }
        if $^O !~ m/Win/i };

(these lines make the error message from MRTG_lib appear in the web
browser) - or use the new version.


SECURITY: MY SOLUTION

The fix in 14all is to not allow a config file name to start with '/' or to
contain './' (security freaks: is this good enough?)


NEW VERSION

As you might have guessed with the security update: there is a new version
of 14all on its (new) homepage: 1.1p17

There are some small changes and one new option: 14all*maxrules[target]
This is a boolean option that enables horizontal lines at the "maximum"
values. Another fix is where the links in the page targeted the wrong
server (some will remember: the 'url => relative' patch).

I'm sorry that I didn't had the time to add support for new the mrtg
functions. If anyone wants to help developing 14all I can add you as a
develper on sourceforge (cvs is not setup yet, stay tuned).


Thanks for all your help and patience!

Rainer Bawidamann

--
Unsubscribe mailto:rrd-users-request at list.ee.ethz.ch?subject=unsubscribe
Help        mailto:rrd-users-request at list.ee.ethz.ch?subject=help
Archive     http://www.ee.ethz.ch/~slist/rrd-users
WebAdmin    http://www.ee.ethz.ch/~slist/lsg2.cgi



More information about the rrd-users mailing list