Date: Thu, 20 Jun 2002 14:46:30 +0200 From: Neil Blakey-Milner <nbm@mithrandr.moria.org> To: Sheldon Hearn <sheldonh@starjuice.net> Cc: Mark Thomas <thomas@pbegames.com>, freebsd-ports@FreeBSD.ORG, ache@FreeBSD.org Subject: Re: Apache 1.3.26 port Message-ID: <20020620124630.GC15674@mithrandr.moria.org> In-Reply-To: <20020620115347.GC73571@starjuice.net> References: <200206200658470001.031DD337@mail.speakeasy.net> <B9364A85.2B69%jd@epylon.com> <200206200658470001.031DD337@mail.speakeasy.net> <5.1.0.14.2.20020620073651.02008090@pbegames.com> <20020620115347.GC73571@starjuice.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu 2002-06-20 (13:53), Sheldon Hearn wrote: > The symlinks aren't created if the cgi-bin and data directories already > exist. They're only created so that a default installation of Apache > "works", in that http://localhost/ shows a page. If you already have > cgi-bin and data directories, the port leaves them alone. > So basically, folks who have their web content blown away by the port or > package have fallen victim to a process that's actually intended to make > things safe. > > What was never considered was that people would leave the symlinks in > place. [ security -> ports ] It also removes all the contents of data.default not installed by apache, such as those installed by phpMyAdmin, phpPgAdmin, sqwebmail, qmailadmin, and so forth. I see no obvious reason the port should behave differently than all other ports in this regard - only remove it if you install it. This hasn't really affected me, except that it breaks my phpMyAdmin.... ports. So I just reinstall. But it's irritating. Anyone have any good reason we should not just remove that change? Andrey, any thoughts? Neil -- Neil Blakey-Milner nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020620124630.GC15674>