Bug#110260: marked as done (1.3.12-2 -> 1.3.19-1: not allowing symlinked root any more)

To: Fabio Massimo Di Nitto <fabbione@fabbione.net>
Cc: Debian Apache Maintainers <debian-apache@lists.debian.org>, apache@packages.qa.debian.org
Subject: Bug#110260: marked as done (1.3.12-2 -> 1.3.19-1: not allowing symlinked root any more)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 29 Apr 2003 06:03:21 -0500
Message-id: <[🔎] handler.110260.D110260.10516139704771.ackdone@bugs.debian.org>
In-reply-to: <Pine.LNX.4.53.0304291253450.25314@trider-g7.ext.fabbione.net>
References: <Pine.LNX.4.53.0304291253450.25314@trider-g7.ext.fabbione.net> <E15bJp8-0000g7-00@tpo2.sourcepole>

Your message dated Tue, 29 Apr 2003 12:59:23 +0200 (CEST)
with message-id <Pine.LNX.4.53.0304291253450.25314@trider-g7.ext.fabbione.net>
and subject line (no subject)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Aug 2001 10:41:04 +0000
>From tpo@sourcepole.ch Mon Aug 27 05:41:04 2001
Return-path: <tpo@sourcepole.ch>
Received: from smtp.datacomm.ch (flu-smtp-01.datacomm.ch) [212.40.5.52] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 15bJpI-0000uo-00; Mon, 27 Aug 2001 05:41:04 -0500
Received: from tpo2.sourcepole (adsl-43-47-basel1.tiscalinet.ch [212.254.43.47])
	by flu-smtp-01.datacomm.ch (8.11.6/8.11.6) with ESMTP id f7RAf2N12583;
	Mon, 27 Aug 2001 12:41:02 +0200
Received: from tpo by tpo2.sourcepole with local (Exim 3.31 #1 (Debian))
	id 15bJp8-0000g7-00; Mon, 27 Aug 2001 12:40:54 +0200
From: Tomas Pospisek <tpo_deb@sourcepole.ch>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: 1.3.12-2 -> 1.3.19-1: not allowing symlinked root any more
X-Reportbug-Version: 1.23
X-Mailer: reportbug 1.23
Date: Mon, 27 Aug 2001 12:40:54 +0200
Message-Id: <E15bJp8-0000g7-00@tpo2.sourcepole>
Sender: Tomas Pospisek <tpo@sourcepole.ch>
Delivered-To: submit@bugs.debian.org

Package: apache
Version: 1.3.19-1
Severity: important

>From 1.3.12-2 to 1.3.19-1 apache's default behavour aparently changed
in that the roor (/var/www) can not be a symlink any more:

	[Mon Aug 27 12:00:52 2001] [error] [client 127.0.0.1] Symbolic link not
	allowed: /var/www/

This breaks my configuration.

IMHO an update should:

* either go smoothely, without breaking your running system
* ask for your configuration, warning you that things will possibly break
  and point you to some explanation or documentation

<rant>I started with sendmail as a MTA. After x updates, which *every* time
      broke my runing system I gave up and switched to exim, which has updated
	  like a charm ever since.
	  Unfortunately more often than not apache breaks after an update :-(,
	  which is why I don't update apache unless some security bug *forces*
	  me to. This time I just didn't pay enough attention and dselect did
	  it "automagicaly" for me :-/
	  Sigh.
</rant>
*t

-- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux tpo2 2.4.4 #1 Mon May 14 20:49:56 CEST 2001 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages apache depends on:
ii  apache-common                1.3.19-1    Support files for all Apache webse
ii  libc6                        2.2.4-1     GNU C Library: Shared libraries an
ii  libdb2                       2:2.7.7.0-1 The Berkeley database routines (ru
ii  mime-support                 3.12-1      MIME files 'mime.types' & 'mailcap
ii  perl                         5.6.1-5     Larry Wall's Practical Extraction 
ii  perl [perl5]                 5.6.1-5     Larry Wall's Practical Extraction 


---------------------------------------
Received: (at 110260-done) by bugs.debian.org; 29 Apr 2003 10:59:30 +0000
>From fabbione@fabbione.net Tue Apr 29 05:59:29 2003
Return-path: <fabbione@fabbione.net>
Received: from port5.ds1-sby.adsl.cybercity.dk (trider-g7.fabbione.net) [212.242.169.198] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 19ASpc-0001Eg-00; Tue, 29 Apr 2003 05:59:28 -0500
Received: from trider-g7.ext.fabbione.net (port5.ds1-sby.adsl.cybercity.dk [212.242.169.198])
	by trider-g7.fabbione.net (Postfix) with ESMTP id 3991D13
	for <110260-done@bugs.debian.org>; Tue, 29 Apr 2003 12:59:25 +0200 (CEST)
Date: Tue, 29 Apr 2003 12:59:23 +0200 (CEST)
From: Fabio Massimo Di Nitto <fabbione@fabbione.net>
Sender: fabbione@trider-g7.ext.fabbione.net
To: 110260-done@bugs.debian.org
Message-ID: <Pine.LNX.4.53.0304291253450.25314@trider-g7.ext.fabbione.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Delivered-To: 110260-done@bugs.debian.org
X-Spam-Status: No, hits=-7.3 required=4.0
	tests=BAYES_20,SIGNATURE_SHORT_SPARSE,USER_AGENT_PINE
	version=2.53
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)


I am closing this bug since the usage of SymLinksIfOwnerMatch is
recommended and it enforces a more strict security control over the
contents of the pages.

Fabio

-- 
Our mission: make IPv6 the default IP protocol
"We are on a mission from God" - Elwood Blues

http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp00004.html

Reply to:

Prev by Date: Processed: reassign this
Next by Date: Bug#167752: Upstream 1.3.26 security bug
Previous by thread: Processed: reassign this
Next by thread: お願いします！
Index(es):
- Date
- Thread