Bug#23661: usr/doc should not be accessible through http servers by default
>>>>> "Martin" == Martin Schulze <joey@finlandia.Infodrom.North.DE> writes:
Martin> Julian Gilbey wrote:
>> Here's an issue. About two years ago there was a proposal that
>> the default httpd setup should not allow /usr/doc to be
>> remotely accessible, as it's a huge security risk. (Yes, we're
>> talking about a small amount of "security through obscurity"
>> here, but we don't need to hand crackers this information on a
>> golden plate.)
>>
>> Nothing appears to have been done about it.
Martin> I remember seeing a restriction to localhost in the config
Martin> that comes with apache.
Mon, 28 Feb 2000 08:20:27 +0100 I uploaded Roxen 1.2.122-7, which fixes
bug #59025, which I can't find in the BTS. Roxen is now at v1.3.122-11.
The entry in my changelog file reads:
* Include a second filesystem, mounted on /doc/ (real fs: /usr/share/doc/).
Closes: #59025
So there was a bug report against NOT to include a /doc/ mount...
--
spy Ft. Bragg BATF Rule Psix AK-47 subway smuggle PLO Iran Serbian
critical kibo World Trade Center president terrorist
Reply to: