Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 20 Jun 2002 13:53:47 +0200
From:      Sheldon Hearn <sheldonh@starjuice.net>
To:        Mark Thomas <thomas@pbegames.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Apache 1.3.26 port
Message-ID:  <20020620115347.GC73571@starjuice.net>
In-Reply-To: <5.1.0.14.2.20020620073651.02008090@pbegames.com>
References:  <200206200658470001.031DD337@mail.speakeasy.net> <B9364A85.2B69%jd@epylon.com> <200206200658470001.031DD337@mail.speakeasy.net> <5.1.0.14.2.20020620073651.02008090@pbegames.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On (2002/06/20 07:38), Mark Thomas wrote:

> OK, where exactly are these symlinks supposed to be? I upgraded 3 servers 
> last night with no issues (though in 2/3 cases I had non-standard locations 
> for data and cgi-bin directories). I just reviewed the apache13 port tree 
> and didn't see anything resembling the data.default symlink mentioned.

The symlinks aren't created if the cgi-bin and data directories already
exist.  They're only created so that a default installation of Apache
"works", in that http://localhost/ shows a page.  If you already have
cgi-bin and data directories, the port leaves them alone.

You can see the symlinks being created in the pkg-list:

| www/data.default/apache_pb.gif
| @exec [ -d %D/www/data/ ] || ln -fs %B %D/www/data
| [...]
| www/cgi-bin.default/printenv
| @exec [ -d %D/www/cgi-bin/ ] || ln -fs %B %D/www/cgi-bin

You can see support for removing the symlinks at uninstall time in the
pkg-plist:

| @unexec if [ -L %D/www/cgi-bin ]; then rm -f %D/www/cgi-bin; fi
| @unexec if [ -L %D/www/data ]; then rm -f %D/www/data; fi

So basically, folks who have their web content blown away by the port or
package have fallen victim to a process that's actually intended to make
things safe.

What was never considered was that people would leave the symlinks in
place.

Ciao,
Sheldon.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020620115347.GC73571>