Bug#423638: apache2.2-common: a2enmod uses relative path instead of absolute

To: submit@bugs.debian.org
Cc: debian-apache@lists.debian.org
Subject: Bug#423638: apache2.2-common: a2enmod uses relative path instead of absolute
From: Alan LeVee <alan.levee@prometheus-designs.net>
Date: Sun, 13 May 2007 10:53:19 -0400
Message-id: <[🔎] 4647265F.6010300@prometheus-designs.net>
Reply-to: alan.levee@prometheus-designs.net, 423638@bugs.debian.org

Package: apache2.2-common
Version: 2.2.3-4
Severity: Minor

The shell script `a2enmod` uses a relative path instead of an absolute
path when enabling modules. This is minor security concern as it could
cause any potential problems whilst running Apache by allowing path
traversal.

The following patch to fix the problem is included:

--- a2enmod     2007-05-13 10:46:21.000000000 -0400
+++ a2enmod.new 2007-05-13 10:46:42.000000000 -0400
@@ -43,7 +43,7 @@
 for i in conf load; do
         if [ -e $SYSCONFDIR/mods-available/$MODNAME.$i -a ! -e
$SYSCONFDIR/mods-enabled/$MODNAME.$i ]; then
         cd $SYSCONFDIR/mods-enabled;
-        ln -sf ../mods-available/$MODNAME.$i $MODNAME.$i;
+        ln -sf $SYSCONFDIR/mods-available/$MODNAME.$i $MODNAME.$i;
         fi
 done

As I said, this is a minor issue and probably trivial but I'm rather
uncomfortable with the fact that it uses a relative path rather than an
absolute one like a2ensite.

Reply to:

Follow-Ups:
- Bug#423638: apache2.2-common: a2enmod uses relative path instead of absolute
  - From: Peter Samuelson <peter@p12n.org>

Prev by Date: Bug#344481: marked as done (php4-rrdtool: Use of RRD extensions (graph only?) causes Apache to segfault)
Next by Date: Bug#423653: apache2.2-common: mod_disk_cache fills /var after etch upgrade
Previous by thread: Bug#344481: marked as done (php4-rrdtool: Use of RRD extensions (graph only?) causes Apache to segfault)
Next by thread: Bug#423638: apache2.2-common: a2enmod uses relative path instead of absolute
Index(es):
- Date
- Thread