Bug#301045: apache2-common: suexec permissions aren't paranoid
Package: apache2-common
Version: 2.0.53-5
Severity: normal
*** Please type your report below this line *** According to
http://httpd.apache.org/docs-2.0/suexec.html#install (Setting paranoid
permissions section), the suexec script should be owned by group
www-data and have 4750 permissions, as a security precaution and
"because it is best-practise in general".
Charles
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (90, 'testing'), (80, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-1um
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages apache2-common depends on:
ii apache2-utils 2.0.53-5 utility programs for webservers
ii debconf 1.4.30.11 Debian configuration management sy
ii debianutils 2.8.4 Miscellaneous utilities specific t
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-18 Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.8-1 XML parsing C library - runtime li
ii libgcc1 1:3.4.3-6 GCC support library
ii libmagic1 4.12-1 File type determination library us
ii mime-support 3.28-1 MIME files 'mime.types' & 'mailcap
ii net-tools 1.60-10 The NET-3 networking toolkit
ii openssl 0.9.7e-2 Secure Socket Layer (SSL) binary a
ii ssl-cert 1.0-11 Simple debconf wrapper for openssl
-- no debconf information
Reply to: