Bug#23661: usr/doc should not be accessible through http servers by default

[Turbo Fredriksson <turbo@debian.org>]

>>>>> "Martin" == Martin Schulze <joey@finlandia.Infodrom.North.DE> writes:

    Martin> Julian Gilbey wrote:
    >> Here's an issue.  About two years ago there was a proposal that
    >> the default httpd setup should not allow /usr/doc to be
    >> remotely accessible, as it's a huge security risk.  (Yes, we're
    >> talking about a small amount of "security through obscurity"
    >> here, but we don't need to hand crackers this information on a
    >> golden plate.)
    >> 
    >> Nothing appears to have been done about it.

    Martin> I remember seeing a restriction to localhost in the config
    Martin> that comes with apache.

Mon, 28 Feb 2000 08:20:27 +0100 I uploaded Roxen 1.2.122-7, which fixes
bug #59025, which I can't find in the BTS. Roxen is now at v1.3.122-11.

The entry in my changelog file reads:

  * Include a second filesystem, mounted on /doc/ (real fs: /usr/share/doc/).
    Closes: #59025

So there was a bug report against NOT to include a /doc/ mount...

-- 
spy Ft. Bragg BATF Rule Psix AK-47 subway smuggle PLO Iran Serbian
critical kibo World Trade Center president terrorist