[rrd-users] 14all: new location / security fix / new release
Rainer Bawidamann
rainer.bawidamann at web.de
Thu Feb 7 23:17:28 MET 2002
Hi all!
14all ON SOURCEFORGE
I finally managed to put 14all to sourceforge, just-in-time for the
security problem. You can find future versions here:
http://my14all.sourceforge.net/
SECURITY: QUICK FIX
A quick fix for the security problem is to remove the following two lines
from your copy of 14all.cgi:
BEGIN { eval { require CGI::Carp; import CGI::Carp qw/fatalsToBrowser/ }
if $^O !~ m/Win/i };
(these lines make the error message from MRTG_lib appear in the web
browser) - or use the new version.
SECURITY: MY SOLUTION
The fix in 14all is to not allow a config file name to start with '/' or to
contain './' (security freaks: is this good enough?)
NEW VERSION
As you might have guessed with the security update: there is a new version
of 14all on its (new) homepage: 1.1p17
There are some small changes and one new option: 14all*maxrules[target]
This is a boolean option that enables horizontal lines at the "maximum"
values. Another fix is where the links in the page targeted the wrong
server (some will remember: the 'url => relative' patch).
I'm sorry that I didn't had the time to add support for new the mrtg
functions. If anyone wants to help developing 14all I can add you as a
develper on sourceforge (cvs is not setup yet, stay tuned).
Thanks for all your help and patience!
Rainer Bawidamann
--
Unsubscribe mailto:rrd-users-request at list.ee.ethz.ch?subject=unsubscribe
Help mailto:rrd-users-request at list.ee.ethz.ch?subject=help
Archive http://www.ee.ethz.ch/~slist/rrd-users
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
More information about the rrd-users
mailing list