Re: Apache 1.3.26 port

From: Neil Blakey-Milner (nbm@mithrandr.moria.org)
Date: 06/20/02

• Next message: Eric F Crist: "RE: Password security"
• Previous message: Jimmy: "Re: FreeBSD Security Notice FreeBSD-SN-02:04 [courier-imap not updated]"
• In reply to: Sheldon Hearn: "Re: Apache 1.3.26 port"
• Next in thread: Bryan Fullerton: "Re: Apache 1.3.26 port"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 20 Jun 2002 14:46:30 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: Sheldon Hearn <sheldonh@starjuice.net>

On Thu 2002-06-20 (13:53), Sheldon Hearn wrote:
> The symlinks aren't created if the cgi-bin and data directories already
> exist. They're only created so that a default installation of Apache
> "works", in that http://localhost/ shows a page. If you already have
> cgi-bin and data directories, the port leaves them alone.

> So basically, folks who have their web content blown away by the port or
> package have fallen victim to a process that's actually intended to make
> things safe.
>
> What was never considered was that people would leave the symlinks in
> place.

[ security -> ports ]

It also removes all the contents of data.default not installed by
apache, such as those installed by phpMyAdmin, phpPgAdmin, sqwebmail,
qmailadmin, and so forth.

I see no obvious reason the port should behave differently than all
other ports in this regard - only remove it if you install it. This
hasn't really affected me, except that it breaks my phpMyAdmin....
ports. So I just reinstall. But it's irritating.

Anyone have any good reason we should not just remove that change?
Andrey, any thoughts?

Neil

-- 
Neil Blakey-Milner
nbm@mithrandr.moria.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Eric F Crist: "RE: Password security"
• Previous message: Jimmy: "Re: FreeBSD Security Notice FreeBSD-SN-02:04 [courier-imap not updated]"
• In reply to: Sheldon Hearn: "Re: Apache 1.3.26 port"
• Next in thread: Bryan Fullerton: "Re: Apache 1.3.26 port"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Apache 1.3.26 port ... The symlinks aren't created if the cgi-bin and data directories already ... the port leaves them alone. ... (FreeBSD-Security) Re: How do I create a USB printer port manually ... The Lexmark printer drivers are known to do some strange things, so I suggest "cleaning" your print spooler environment, then doing the installation from scratch. ... I happen to have a Canon IP 8500 which installed without a hitch on my XP SP2 desktop following the instructions from Canon. ... I'm not familiar with the Dell computers specifically, but we had some computers at work where things like mice would only work properly when connected directly to the laptop as opposed to through a "port replicator" or "docking cradle". ... (microsoft.public.win2000.printing) Re: I am happy with XP:s integreted firewall! ... You CAN attack any open port if something is listening, ... CPU upto 100% and keep it there for as long as the cracker kept sending ... > wide world (I have made just one installation of windows XP and I allmost ... (comp.security.firewalls) Re: MassStorageDrivers via BootCD? ... port non-whql-signed device drivers ... n't extend the existing installation partition ... ternet information services documentation ... ternet information services administration ... (microsoft.public.de.german.win2000.setup) Re: SerialPort for Active perl 5.6.1 ... Summary after successful installation ... port, at least with the available examples coming with SerialPort. ... e.g. to install the pure Perl module ... (comp.lang.perl.modules)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2002-06