Bug#23661: usr/doc should not be accessible through http servers by default

To: Julian Gilbey <J.D.Gilbey@qmw.ac.uk>
Cc: security@debian.org, 23661@bugs.debian.org
Subject: Bug#23661: usr/doc should not be accessible through http servers by default
From: Martin Schulze <joey@finlandia.Infodrom.North.DE>
Date: Tue, 20 Jun 2000 21:09:44 +0200
Message-id: <[🔎] 20000620210944.Z23386@finlandia.infodrom.north.de>
Reply-to: Martin Schulze <joey@infodrom.north.de>, 23661@bugs.debian.org
In-reply-to: <[🔎] 20000620095801.A31405@polya>; from J.D.Gilbey@qmw.ac.uk on Tue, Jun 20, 2000 at 09:58:01AM +0100
References: <[🔎] 20000620095801.A31405@polya>

Julian Gilbey wrote:
> Here's an issue.  About two years ago there was a proposal that the
> default httpd setup should not allow /usr/doc to be remotely
> accessible, as it's a huge security risk.  (Yes, we're talking about a
> small amount of "security through obscurity" here, but we don't need
> to hand crackers this information on a golden plate.)
> 
> Nothing appears to have been done about it.

I remember seeing a restriction to localhost in the config that
comes with apache.

Regards,

	Joey

-- 
This is Linux Country.  On a quiet night, you can hear Windows reboot.

Reply to:

Follow-Ups:
- Bug#23661: usr/doc should not be accessible through http servers by default
  - From: Turbo Fredriksson <turbo@debian.org>

References:
- Bug#23661: usr/doc should not be accessible through http servers by default
  - From: Julian Gilbey <J.D.Gilbey@qmw.ac.uk>

Prev by Date: Bug#23661: usr/doc should not be accessible through http servers by default
Next by Date: Bug#23661: usr/doc should not be accessible through http servers by default
Previous by thread: Bug#23661: usr/doc should not be accessible through http servers by default
Next by thread: Bug#23661: usr/doc should not be accessible through http servers by default
Index(es):
- Date
- Thread