Package: apache2.2-common
Version: 2.2.3-4
Severity: Minor
The shell script `a2enmod` uses a relative path instead of an absolute
path when enabling modules. This is minor security concern as it could
cause any potential problems whilst running Apache by allowing path
traversal.
The following patch to fix the problem is included:
--- a2enmod 2007-05-13 10:46:21.000000000 -0400
+++ a2enmod.new 2007-05-13 10:46:42.000000000 -0400
@@ -43,7 +43,7 @@
for i in conf load; do
if [ -e $SYSCONFDIR/mods-available/$MODNAME.$i -a ! -e
$SYSCONFDIR/mods-enabled/$MODNAME.$i ]; then
cd $SYSCONFDIR/mods-enabled;
- ln -sf ../mods-available/$MODNAME.$i $MODNAME.$i;
+ ln -sf $SYSCONFDIR/mods-available/$MODNAME.$i $MODNAME.$i;
fi
done
As I said, this is a minor issue and probably trivial but I'm rather
uncomfortable with the fact that it uses a relative path rather than an
absolute one like a2ensite.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
