Your message dated Sat, 23 Jun 2007 21:08:03 +0200
with message-id <[EMAIL PROTECTED]>
and subject line apache2.2-common: a2enmod uses relative path instead of
absolute
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: apache2.2-common
Version: 2.2.3-4
Severity: Minor
The shell script `a2enmod` uses a relative path instead of an absolute
path when enabling modules. This is minor security concern as it could
cause any potential problems whilst running Apache by allowing path
traversal.
The following patch to fix the problem is included:
--- a2enmod 2007-05-13 10:46:21.000000000 -0400
+++ a2enmod.new 2007-05-13 10:46:42.000000000 -0400
@@ -43,7 +43,7 @@
for i in conf load; do
if [ -e $SYSCONFDIR/mods-available/$MODNAME.$i -a ! -e
$SYSCONFDIR/mods-enabled/$MODNAME.$i ]; then
cd $SYSCONFDIR/mods-enabled;
- ln -sf ../mods-available/$MODNAME.$i $MODNAME.$i;
+ ln -sf $SYSCONFDIR/mods-available/$MODNAME.$i $MODNAME.$i;
fi
done
As I said, this is a minor issue and probably trivial but I'm rather
uncomfortable with the fact that it uses a relative path rather than an
absolute one like a2ensite.
--- End Message ---
--- Begin Message ---
I agree that this is a purely aesthetic issue. There might even be
reasons to use relative paths in the links (like running several
apache instances with the config dir copied). Therefore, we will not
change this.
pgpADj1Mj53C6.pgp
Description: PGP signature
--- End Message ---
