cgi-bin)

Debian Bug Tracking System Wed, 23 Oct 2002 12:49:03 -0500

Your message dated Wed, 23 Oct 2002 12:36:36 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#165729: debian-policy: symlinks in /usr/lib/cgi-bin
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 21 Oct 2002 11:52:01 +0000
>From [EMAIL PROTECTED] Mon Oct 21 06:52:00 2002
Return-path: <[EMAIL PROTECTED]>
Received: from blabluga.hell.pl [212.160.91.206] (postfix)
        by master.debian.org with esmtp (Exim 3.12 1 (Debian))
        id 183b6E-0000sX-00; Mon, 21 Oct 2002 06:51:59 -0500
Received: by blabluga.hell.pl (Postfix, from userid 1000)
        id 1CE8915873; Mon, 21 Oct 2002 13:51:51 +0200 (CEST)
From: Artur Czechowski <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: debian-policy: symlinks in /usr/lib/cgi-bin
X-Mailer: reportbug 1.50
Date: Mon, 21 Oct 2002 13:51:50 +0200
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Status: No, hits=0.6 required=5.0
        tests=SPAM_PHRASE_00_01
        version=2.41
X-Spam-Level: 

Package: debian-policy
Version: 3.5.6.1
Severity: important

Hello

I found a two packages (maybe there are more) which put symlinks
in /usr/lib/cgi-bin:

- ecartis-cgi (listargate.cgi -> lsg2.cgi)
- uprecords-cgi (uprecords.cgi -> ../../bin/uprecords)

I use apache as my webserver. Default configuration denies following
symlinks in /usr/lib/cgi-bin:
<Directory /usr/lib/cgi-bin/>
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

There are no rules about dealing with symlinks in this directory.
Maybe policy should take it into account?

Regards
        Artur

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux blabluga.hell.pl 2.4.18 #1 Wed Mar 13 15:54:10 CET 2002 i486
Locale: LANG=C, LC_CTYPE=pl_PL

Versions of packages debian-policy depends on:
ii  fileutils                     4.1-10     GNU file management utilities


---------------------------------------
Received: (at 165729-done) by bugs.debian.org; 23 Oct 2002 17:41:48 +0000
>From [EMAIL PROTECTED] Wed Oct 23 12:41:48 2002
Return-path: <[EMAIL PROTECTED]>
Received: from pcp559992pcs.rthfrd01.tn.comcast.net 
(glaurung.green-gryphon.com) [68.52.105.148] (srivasta)
        by master.debian.org with esmtp (Exim 3.12 1 (Debian))
        id 184PVr-0000Hq-00; Wed, 23 Oct 2002 12:41:47 -0500
Received: from glaurung.green-gryphon.com ([EMAIL PROTECTED] [127.0.0.1])
        by glaurung.green-gryphon.com (8.12.6/8.12.6/Debian-7) with ESMTP id 
g9NHabkx011330;
        Wed, 23 Oct 2002 12:36:38 -0500
Received: (from [EMAIL PROTECTED])
        by glaurung.green-gryphon.com (8.12.6/8.12.6/Debian-7) id 
g9NHaabP011326;
        Wed, 23 Oct 2002 12:36:36 -0500
X-Mailer: emacs 21.2.2 (via feedmail 9-beta-7 I)
To: Artur Czechowski <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Bug#165729: debian-policy: symlinks in /usr/lib/cgi-bin
References: <[EMAIL PROTECTED]>
From: Manoj Srivastava <[EMAIL PROTECTED]>
Organization: The Debian Project
X-URL: http://www.debian.org/%7Esrivasta/
User-Agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/21.2 (i386-pc-linux-gnu)
 (i386-pc-linux-gnu)
Mail-Copies-To: nobody
X-Time: Wed Oct 23 12:36:36 2002
X-Face: [EMAIL PROTECTED]/;Y^gTjR\T^"B'fbeuVGiyKrvbfKJl!^e|e:iu(kJ6c|QYB57LP*|t
 &YlP~HF/=h:[EMAIL PROTECTED]:6Cj0kd#4]>*D,|0djf'CVlXkI,>aV4\}?d_KEqsN{Nnt7
 78"OsbQ["56/!nisvyB/uA5Q.{)gm6?q.j71ww.>b9b]-sG8zNt%KkIa>xWg&1VcjZk[hBQ>]j~`Wq
 Xl,y1a!(>6`UM{~'X[Y_,Bv+}=L\SS*mA8=s;!=O`ja|@PEzb&i0}Qp,`Z\:6:OmRi*
Date: Wed, 23 Oct 2002 12:36:36 -0500
In-Reply-To: <[EMAIL PROTECTED]> (Artur
 Czechowski's message of "Mon, 21 Oct 2002 13:51:50 +0200")
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]
X-Spam-Status: No, hits=-11.9 required=5.0
        tests=IN_REP_TO,NOSPAM_INC,REFERENCES,SIGNATURE_SHORT_DENSE,
              SPAM_PHRASE_01_02,USER_AGENT
        version=2.41
X-Spam-Level: 

Hi,

        If a package tries to put in a cgi program using symlinks, and
 that is not supported in the default configuration of the most
 popular web server in Debian, then this is a bug in those packages;
 plain and simple. 

        Not every bug needs be prohibited in policy. Indeed, this is
 not a policy issue, far less an important one; and I am thus closing
 the report. 

        manoj
-- 
 You will always have good luck in your personal affairs.
Manoj Srivastava   <[EMAIL PROTECTED]>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Bug#165729: marked as done (debian-policy: symlinks in /usr/lib/cgi-bin)

Reply via email to