On 02.11.2006 20:16 schrieb sean finney:
On Thu, 2006-11-02 at 19:20 +0100, Mike Hommey wrote:
Auto-indexes are enabled only in /var/www/apache2-default and
/usr/share/apache2/icons by default, so it is not likely to leak any
unexpected file list.
So no, that doesn't grant an RC bug for
On Sun, Nov 05, 2006 at 01:38:21PM +0100, Bastian Venthur [EMAIL PROTECTED]
wrote:
On 02.11.2006 20:16 schrieb sean finney:
On Thu, 2006-11-02 at 19:20 +0100, Mike Hommey wrote:
Auto-indexes are enabled only in /var/www/apache2-default and
/usr/share/apache2/icons by default, so it is not
On 05.11.2006 14:04 schrieb Mike Hommey:
On Sun, Nov 05, 2006 at 01:38:21PM +0100, Bastian Venthur [EMAIL PROTECTED]
wrote:
On 02.11.2006 20:16 schrieb sean finney:
On Thu, 2006-11-02 at 19:20 +0100, Mike Hommey wrote:
Auto-indexes are enabled only in /var/www/apache2-default and
On Sun, Nov 05, 2006 at 02:36:02PM +0100, Bastian Venthur [EMAIL PROTECTED]
wrote:
Here is what I've installed:
# dpkg --list | grep php | cut -d -f -3
ii libapache2-mod-php5
ii php5
ii php5-common
and:
# cat /etc/apache2/sites-enabled/wiki
VirtualHost *:80
ServerName
On Sun, 2006-11-05 at 14:04 +0100, Mike Hommey wrote:
The file does not get executed as expected, but the browser wants to
download it (which might be a security issue).
Then it is likely that you don't have php installed.
*or* that php is installed but not the modules isn't loaded
into
On 05.11.2006 14:44 schrieb Mike Hommey:
On Sun, Nov 05, 2006 at 02:36:02PM +0100, Bastian Venthur [EMAIL PROTECTED]
wrote:
Here is what I've installed:
# dpkg --list | grep php | cut -d -f -3
ii libapache2-mod-php5
ii php5
ii php5-common
and:
# cat /etc/apache2/sites-enabled/wiki
On 05.11.2006 14:49 schrieb sean finney:
On Sun, 2006-11-05 at 14:04 +0100, Mike Hommey wrote:
The file does not get executed as expected, but the browser wants to
download it (which might be a security issue).
Then it is likely that you don't have php installed.
*or* that php is installed
Le 5 nov. 06 à 14:49, sean finney a écrit :
On Sun, 2006-11-05 at 14:04 +0100, Mike Hommey wrote:
The file does not get executed as expected, but the browser wants to
download it (which might be a security issue).
Then it is likely that you don't have php installed.
*or* that php is
Bastian Venthur wrote:
On 02.11.2006 20:16 schrieb sean finney:
On Thu, 2006-11-02 at 19:20 +0100, Mike Hommey wrote:
Auto-indexes are enabled only in /var/www/apache2-default and
/usr/share/apache2/icons by default, so it is not likely to leak any
unexpected file list.
So no, that doesn't
Hello!
On Sun, 05 Nov 2006 21:13:14 +0100, Bastian Venthur wrote:
But the DirectoryIndex problem should be fixed nevertheless.
FWIW, I've the following for apache2.2 on my sid:
=
[EMAIL PROTECTED]:~$ grep -r index.html /etc/apache2/*
/etc/apache2/mods-available/dir.conf: \
On Sun, Nov 05, 2006 at 10:48:10PM +0100, Luca Capello [EMAIL PROTECTED]
wrote:
Hello!
On Sun, 05 Nov 2006 21:13:14 +0100, Bastian Venthur wrote:
But the DirectoryIndex problem should be fixed nevertheless.
FWIW, I've the following for apache2.2 on my sid:
=
[EMAIL PROTECTED]:~$
Mike Hommey wrote:
On Sun, Nov 05, 2006 at 10:48:10PM +0100, Luca Capello [EMAIL PROTECTED]
wrote:
Hello!
On Sun, 05 Nov 2006 21:13:14 +0100, Bastian Venthur wrote:
But the DirectoryIndex problem should be fixed nevertheless.
FWIW, I've the following for apache2.2 on my sid:
=
[EMAIL
Bastian Venthur skrev:
Is this upstreams default or our? I mean I just cannot imagine that
apache ignores index.php files by default.
Why not?
So, was the change intentional or just a mistake?
That it was removed completely was a mistake. That it doesn't include
index.php is not a
Hi
I've just upgraded #393913 from minor to important.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393913
Somebody just mailed me that this bug is release critical since it
allows to read/download php-scripts (like index.php).
Can somebody confirm that this bug is RC or should I just
On Thu, Nov 02, 2006 at 03:32:39PM +0100, Bastian Venthur [EMAIL PROTECTED]
wrote:
Hi
I've just upgraded #393913 from minor to important.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393913
Somebody just mailed me that this bug is release critical since it
allows to read/download
On Thu, 2006-11-02 at 19:20 +0100, Mike Hommey wrote:
Auto-indexes are enabled only in /var/www/apache2-default and
/usr/share/apache2/icons by default, so it is not likely to leak any
unexpected file list.
So no, that doesn't grant an RC bug for these reasons.
On the other hand, it
Mike Hommey wrote:
On Thu, Nov 02, 2006 at 03:32:39PM +0100, Bastian Venthur [EMAIL PROTECTED]
wrote:
DirectoryIndex tells apache which file(s) it may use when the url points
to a directory, instead of creating an index of the directory itself, if
allowed to.
The default value for
On Thu, Nov 02, 2006 at 08:16:46PM +0100, sean finney [EMAIL PROTECTED] wrote:
On Thu, 2006-11-02 at 19:20 +0100, Mike Hommey wrote:
Auto-indexes are enabled only in /var/www/apache2-default and
/usr/share/apache2/icons by default, so it is not likely to leak any
unexpected file list.
On Thu, Nov 02, 2006 at 08:05:08PM +0100, Bastian Venthur [EMAIL PROTECTED]
wrote:
Mike Hommey wrote:
On Thu, Nov 02, 2006 at 03:32:39PM +0100, Bastian Venthur [EMAIL
PROTECTED] wrote:
DirectoryIndex tells apache which file(s) it may use when the url points
to a directory, instead of
sean finney wrote:
i imagine the apache maintainers will argue that it should be either (a)
the webapp package or (b) the php apache module's repsonsibility
to specify the additional DirectoryIndex.
iirc DirectoryIndex does/can append to the list of index files, right?
This is exactly what
Mike Hommey wrote:
The default value for DirectoryIndex is index.html, which
obviously forgets index.php. But that doesn't mean index.php will be
readable as source. It only means that the auto index will be displayed
if no index.html is present and if allowed to.
Is this upstreams default or
On Thu, Nov 02, 2006 at 09:50:09PM +0100, Bastian Venthur [EMAIL PROTECTED]
wrote:
Mike Hommey wrote:
The default value for DirectoryIndex is index.html, which
obviously forgets index.php. But that doesn't mean index.php will be
readable as source. It only means that the auto index will be
On Thu, Nov 02, 2006 at 09:39:39PM +0100, Mike Hommey [EMAIL PROTECTED] wrote:
On Thu, Nov 02, 2006 at 08:05:08PM +0100, Bastian Venthur [EMAIL PROTECTED]
wrote:
Mike Hommey wrote:
On Thu, Nov 02, 2006 at 03:32:39PM +0100, Bastian Venthur [EMAIL
PROTECTED] wrote:
DirectoryIndex
Mike Hommey wrote:
There has never been index.php in the DirectoryIndex configuration from
apache. Adding it is part of the php installation procedure.
Maybe I'm just confusing something but the bugreport claims that the
following line was present in apache2.conf before the upgrade to 2.2 but
On Thu, Nov 02, 2006 at 10:08:46PM +0100, Bastian Venthur [EMAIL PROTECTED]
wrote:
Mike Hommey wrote:
There has never been index.php in the DirectoryIndex configuration from
apache. Adding it is part of the php installation procedure.
Maybe I'm just confusing something but the bugreport
Mike == Mike Hommey [EMAIL PROTECTED] writes:
Mike Auto-indexes are enabled only in /var/www/apache2-default and
Mike /usr/share/apache2/icons by default, so it is not likely to leak any
Mike unexpected file list.
... on my system autoindexes were enabled by default in my existing
On Thu, Nov 02, 2006 at 07:20:12PM +0100, Mike Hommey wrote:
On Thu, Nov 02, 2006 at 03:32:39PM +0100, Bastian Venthur [EMAIL PROTECTED]
wrote:
Hi
I've just upgraded #393913 from minor to important.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=393913
Somebody just mailed
On Fri, Nov 03, 2006 at 07:43:36AM +0100, Jean-Christophe Dubacq [EMAIL
PROTECTED] wrote:
I remember that since the change, I had to make changes to several php
applications, because at the same time the default configuration did not
include any configuration in the case where php is not
28 matches
Mail list logo