Bug#423638: marked as done (apache2.2-common: a2enmod uses relative path instead of absolute)

Your message dated Sat, 23 Jun 2007 21:08:03 +0200 with message-id <200706232108.11481.sf@debian.org> and subject line apache2.2-common: a2enmod uses relative path instead of absolute has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator (administrator, Debian Bugs database)

attached mail follows:

Package: apache2.2-common
Version: 2.2.3-4
Severity: Minor

The shell script `a2enmod` uses a relative path instead of an absolute path when enabling modules. This is minor security concern as it could cause any potential problems whilst running Apache by allowing path traversal.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

The following patch to fix the problem is included:

• a2enmod 2007-05-13 10:46:21.000000000 -0400 +++ a2enmod.new 2007-05-13 10:46:42.000000000 -0400 @@ -43,7 +43,7 @@ for i in conf load; do if [ -e $SYSCONFDIR/mods-available/$MODNAME.$i -a ! -e $SYSCONFDIR/mods-enabled/$MODNAME.$i ]; then cd $SYSCONFDIR/mods-enabled; - ln -sf ../mods-available/$MODNAME.$i $MODNAME.$i; + ln -sf $SYSCONFDIR/mods-available/$MODNAME.$i $MODNAME.$i; fi done

As I said, this is a minor issue and probably trivial but I'm rather uncomfortable with the fact that it uses a relative path rather than an absolute one like a2ensite.

attached mail follows:

I agree that this is a purely aesthetic issue. There might even be reasons to use relative paths in the links (like running several apache instances with the config dir copied). Therefore, we will not change this.

-- 
To UNSUBSCRIBE, email to debian-apache-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


application/pgp-signature attachment: stored