[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#423638: apache2.2-common: a2enmod uses relative path instead of absolute



[Alan LeVee]
> The shell script `a2enmod` uses a relative path instead of an
> absolute path when enabling modules. This is minor security concern
> as it could cause any potential problems whilst running Apache by
> allowing path traversal.

I can understand the aesthetic desire for a2ensite and a2enmod to do
the same thing, but I don't understand your security concerns.  There
is simply no way a relative link to ../mods-available/foo.load is ever
going to behave differently than an absolute link to
/etc/apache2/mods-available/foo.load.

So this is a purely aesthetic issue - or am I missing something?

Attachment: signature.asc
Description: Digital signature


Reply to: