Your message dated Thu, 11 Oct 2001 16:15:57 -1000
with message-id <[EMAIL PROTECTED]>
and subject line withdrawn
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Darren Benham
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 12 Oct 2001 00:35:16 +0000
>From [EMAIL PROTECTED] Thu Oct 11 19:35:15 2001
Return-path: <[EMAIL PROTECTED]>
Received: from uhheph.phys.hawaii.edu [128.171.11.7]
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 15rqID-0002Da-00; Thu, 11 Oct 2001 19:35:13 -0500
Received: from uhhepr.phys.hawaii.edu (uhhepr.phys.hawaii.edu [128.171.11.5])
by uhheph.phys.hawaii.edu (8.9.1a/8.9.1) with ESMTP id OAA02078
for <[EMAIL PROTECTED]>; Thu, 11 Oct 2001 14:35:11 -1000 (HST)
Received: (from [EMAIL PROTECTED])
by uhhepr.phys.hawaii.edu (8.9.1a/8.9.1) id OAA20767
for [EMAIL PROTECTED]; Thu, 11 Oct 2001 14:35:07 -1000 (HST)
Date: Thu, 11 Oct 2001 14:35:07 -1000
From: Brian Russo <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: PROPOSAL make cgi-bin applications non-executable by default.
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Delivered-To: [EMAIL PROTECTED]
Package: debian-policy
Severity: wishlist
Version: 3.5.6.0
First attempt at changing policy, so if you have a suggestion, feel
free.
--- policy.sgml Thu Oct 11 14:20:37 2001
+++ policy-cgi.sgml Thu Oct 11 14:31:26 2001
@@ -6471,11 +6471,20 @@
<enumlist>
<item>
<p>
- Cgi-bin executable files are installed in the
+Cgi-bin executable files
+ must be installed non-executable (e.g. mode 0644) by default.
+ The package may ask the user via debconf or similar means to enable the
+ applications, and do so if indicated. The answer may be stored for
future
+ use. The maintainer may opt to print a notification that the user should
+ manually enable the cgi files. The package should present a brief notice
+ of the security risks of cgi applications.
+
+Cgi-bin files are installed in the
directory
<example compact="compact">
/usr/lib/cgi-bin/<var>cgi-bin-name</var>
</example>
and should be referred to as
<example compact="compact">
http://localhost/cgi-bin/<var>cgi-bin-name</var>
--
Unix Staff, High Energy Physics Group <[EMAIL PROTECTED]>
Debian/GNU Linux! http://www.debian.org <[EMAIL PROTECTED]>
---------------------------------------
Received: (at 115312-done) by bugs.debian.org; 12 Oct 2001 02:16:05 +0000
>From [EMAIL PROTECTED] Thu Oct 11 21:16:05 2001
Return-path: <[EMAIL PROTECTED]>
Received: from uhheph.phys.hawaii.edu [128.171.11.7]
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 15rrro-00058t-00; Thu, 11 Oct 2001 21:16:05 -0500
Received: from uhhepr.phys.hawaii.edu (uhhepr.phys.hawaii.edu [128.171.11.5])
by uhheph.phys.hawaii.edu (8.9.1a/8.9.1) with ESMTP id QAA15062
for <[EMAIL PROTECTED]>; Thu, 11 Oct 2001 16:16:03 -1000 (HST)
Received: (from [EMAIL PROTECTED])
by uhhepr.phys.hawaii.edu (8.9.1a/8.9.1) id QAA20527
for [EMAIL PROTECTED]; Thu, 11 Oct 2001 16:15:57 -1000 (HST)
Date: Thu, 11 Oct 2001 16:15:57 -1000
From: Brian Russo <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: withdrawn
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Delivered-To: [EMAIL PROTECTED]
withdrawn
--
Unix Staff, High Energy Physics Group <[EMAIL PROTECTED]>
Debian/GNU Linux! http://www.debian.org <[EMAIL PROTECTED]>
