Bug#165729: marked as done (debian-policy: symlinks in /usr/lib/cgi-bin)
Your message dated Wed, 23 Oct 2002 12:36:36 -0500
with message-id <[🔎] 87lm4p2h23.fsf@glaurung.green-gryphon.com>
and subject line Bug#165729: debian-policy: symlinks in /usr/lib/cgi-bin
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 21 Oct 2002 11:52:01 +0000
>From arturcz@blabluga.hell.pl Mon Oct 21 06:52:00 2002
Return-path: <arturcz@blabluga.hell.pl>
Received: from blabluga.hell.pl [212.160.91.206] (postfix)
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 183b6E-0000sX-00; Mon, 21 Oct 2002 06:51:59 -0500
Received: by blabluga.hell.pl (Postfix, from userid 1000)
id 1CE8915873; Mon, 21 Oct 2002 13:51:51 +0200 (CEST)
From: Artur Czechowski <arturcz@blabluga.hell.pl>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: debian-policy: symlinks in /usr/lib/cgi-bin
X-Mailer: reportbug 1.50
Date: Mon, 21 Oct 2002 13:51:50 +0200
Message-Id: <[🔎] 20021021115151.1CE8915873@blabluga.hell.pl>
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=0.6 required=5.0
tests=SPAM_PHRASE_00_01
version=2.41
X-Spam-Level:
Package: debian-policy
Version: 3.5.6.1
Severity: important
Hello
I found a two packages (maybe there are more) which put symlinks
in /usr/lib/cgi-bin:
- ecartis-cgi (listargate.cgi -> lsg2.cgi)
- uprecords-cgi (uprecords.cgi -> ../../bin/uprecords)
I use apache as my webserver. Default configuration denies following
symlinks in /usr/lib/cgi-bin:
<Directory /usr/lib/cgi-bin/>
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
There are no rules about dealing with symlinks in this directory.
Maybe policy should take it into account?
Regards
Artur
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux blabluga.hell.pl 2.4.18 #1 Wed Mar 13 15:54:10 CET 2002 i486
Locale: LANG=C, LC_CTYPE=pl_PL
Versions of packages debian-policy depends on:
ii fileutils 4.1-10 GNU file management utilities
---------------------------------------
Received: (at 165729-done) by bugs.debian.org; 23 Oct 2002 17:41:48 +0000
>From srivasta@golden-gryphon.com Wed Oct 23 12:41:48 2002
Return-path: <srivasta@golden-gryphon.com>
Received: from pcp559992pcs.rthfrd01.tn.comcast.net (glaurung.green-gryphon.com) [68.52.105.148] (srivasta)
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 184PVr-0000Hq-00; Wed, 23 Oct 2002 12:41:47 -0500
Received: from glaurung.green-gryphon.com (srivasta@localhost [127.0.0.1])
by glaurung.green-gryphon.com (8.12.6/8.12.6/Debian-7) with ESMTP id g9NHabkx011330;
Wed, 23 Oct 2002 12:36:38 -0500
Received: (from srivasta@localhost)
by glaurung.green-gryphon.com (8.12.6/8.12.6/Debian-7) id g9NHaabP011326;
Wed, 23 Oct 2002 12:36:36 -0500
X-Mailer: emacs 21.2.2 (via feedmail 9-beta-7 I)
To: Artur Czechowski <arturcz@blabluga.hell.pl>
Cc: 165729@bugs.debian.org, 165729-done@bugs.debian.org
Subject: Re: Bug#165729: debian-policy: symlinks in /usr/lib/cgi-bin
References: <[🔎] 20021021115151.1CE8915873@blabluga.hell.pl>
From: Manoj Srivastava <srivasta@debian.org>
Organization: The Debian Project
X-URL: http://www.debian.org/%7Esrivasta/
User-Agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/21.2 (i386-pc-linux-gnu)
(i386-pc-linux-gnu)
Mail-Copies-To: nobody
X-Time: Wed Oct 23 12:36:36 2002
X-Face: #q.#]5@vq!Jz+E0t_/;Y^gTjR\T^"B'fbeuVGiyKrvbfKJl!^e|e:iu(kJ6c|QYB57LP*|t
&YlP~HF/=h:GA6o6W@I#deQL-%#.6]!z:6Cj0kd#4]>*D,|0djf'CVlXkI,>aV4\}?d_KEqsN{Nnt7
78"OsbQ["56/!nisvyB/uA5Q.{)gm6?q.j71ww.>b9b]-sG8zNt%KkIa>xWg&1VcjZk[hBQ>]j~`Wq
Xl,y1a!(>6`UM{~'X[Y_,Bv+}=L\SS*mA8=s;!=O`ja|@PEzb&i0}Qp,`Z\:6:OmRi*
Date: Wed, 23 Oct 2002 12:36:36 -0500
In-Reply-To: <[🔎] 20021021115151.1CE8915873@blabluga.hell.pl> (Artur
Czechowski's message of "Mon, 21 Oct 2002 13:51:50 +0200")
Message-ID: <[🔎] 87lm4p2h23.fsf@glaurung.green-gryphon.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: 165729-done@bugs.debian.org
X-Spam-Status: No, hits=-11.9 required=5.0
tests=IN_REP_TO,NOSPAM_INC,REFERENCES,SIGNATURE_SHORT_DENSE,
SPAM_PHRASE_01_02,USER_AGENT
version=2.41
X-Spam-Level:
Hi,
If a package tries to put in a cgi program using symlinks, and
that is not supported in the default configuration of the most
popular web server in Debian, then this is a bug in those packages;
plain and simple.
Not every bug needs be prohibited in policy. Indeed, this is
not a policy issue, far less an important one; and I am thus closing
the report.
manoj
--
You will always have good luck in your personal affairs.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: