Bug#23661: usr/doc should not be accessible through http servers by default
Julian Gilbey wrote:
> Here's an issue. About two years ago there was a proposal that the
> default httpd setup should not allow /usr/doc to be remotely
> accessible, as it's a huge security risk. (Yes, we're talking about a
> small amount of "security through obscurity" here, but we don't need
> to hand crackers this information on a golden plate.)
>
> Nothing appears to have been done about it.
I remember seeing a restriction to localhost in the config that
comes with apache.
Regards,
Joey
--
This is Linux Country. On a quiet night, you can hear Windows reboot.
Reply to: