Summary: | www-servers/thttpd Change in start-stop-daemon causes security-problem with thttpd | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christian Gut <cycloon> |
Component: | Default Configs | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | jakub, www-servers+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 142047 | ||
Bug Blocks: |
Description
Christian Gut
2006-08-18 10:34:43 UTC
Seems like a potential security issue, reassigning to security. And now hopefully reassigning.... base-system please advise (and sorry for the spam). yes, this change is deliberate as that is what the upstream guys (Debian) did: -static const char *changedir = NULL; +static const char *changedir = "/"; this is a bug in thttpd, not in start-stop-daemon www-servers please advise. thttpd fixed, you can probably close this bug if there are no other known affected packages Thx Daniel. Closing this one as FIXED. |