From owner-freebsd-security  Thu Jun 20  5:46:19 2002
Delivered-To: freebsd-security@freebsd.org
Received: from infinitive.futureperfectcorporation.com (infinitive.futureperfectcorporation.com [196.25.137.68])
	by hub.freebsd.org (Postfix) with SMTP id 5A24537B40B
	for <freebsd-security@FreeBSD.org>; Thu, 20 Jun 2002 05:46:09 -0700 (PDT)
Received: (qmail 11082 invoked by uid 0); 20 Jun 2002 12:46:05 -0000
Received: from gerund.futureperfectcorporation.com (196.25.137.65)
  by infinitive.futureperfectcorporation.com with SMTP; 20 Jun 2002 12:46:05 -0000
Received: (qmail 15831 invoked by uid 1001); 20 Jun 2002 12:46:31 -0000
Date: Thu, 20 Jun 2002 14:46:30 +0200
From: Neil Blakey-Milner <nbm@mithrandr.moria.org>
To: Sheldon Hearn <sheldonh@starjuice.net>
Cc: Mark Thomas <thomas@pbegames.com>, freebsd-ports@FreeBSD.ORG,
	ache@FreeBSD.org
Subject: Re: Apache 1.3.26 port
Message-ID: <20020620124630.GC15674@mithrandr.moria.org>
References: <200206200658470001.031DD337@mail.speakeasy.net> <B9364A85.2B69%jd@epylon.com> <200206200658470001.031DD337@mail.speakeasy.net> <5.1.0.14.2.20020620073651.02008090@pbegames.com> <20020620115347.GC73571@starjuice.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020620115347.GC73571@starjuice.net>
User-Agent: Mutt/1.3.27i
Organization: iTouch Labs
X-Operating-System: FreeBSD 4.3-RELEASE i386
X-URL: http://mithrandr.moria.org/nbm/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu 2002-06-20 (13:53), Sheldon Hearn wrote:
> The symlinks aren't created if the cgi-bin and data directories already
> exist.  They're only created so that a default installation of Apache
> "works", in that http://localhost/ shows a page.  If you already have
> cgi-bin and data directories, the port leaves them alone.

> So basically, folks who have their web content blown away by the port or
> package have fallen victim to a process that's actually intended to make
> things safe.
> 
> What was never considered was that people would leave the symlinks in
> place.

[ security -> ports ]

It also removes all the contents of data.default not installed by
apache, such as those installed by phpMyAdmin, phpPgAdmin, sqwebmail,
qmailadmin, and so forth.

I see no obvious reason the port should behave differently than all
other ports in this regard - only remove it if you install it.  This
hasn't really affected me, except that it breaks my phpMyAdmin....
ports.  So I just reinstall.  But it's irritating.

Anyone have any good reason we should not just remove that change?
Andrey, any thoughts?

Neil
-- 
Neil Blakey-Milner
nbm@mithrandr.moria.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message