[Alan LeVee] > The shell script `a2enmod` uses a relative path instead of an > absolute path when enabling modules. This is minor security concern > as it could cause any potential problems whilst running Apache by > allowing path traversal. I can understand the aesthetic desire for a2ensite and a2enmod to do the same thing, but I don't understand your security concerns. There is simply no way a relative link to ../mods-available/foo.load is ever going to behave differently than an absolute link to /etc/apache2/mods-available/foo.load. So this is a purely aesthetic issue - or am I missing something?
Attachment:
signature.asc
Description: Digital signature