Summary: | www-apache/passenger - fix directory access directives in /etc/apache2/modules.d/30_mod_passenger.conf | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | three sixes <666threesixes666> |
Component: | Current packages | Assignee: | Hans de Graaff <graaff> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | ruby |
Priority: | Normal | Keywords: | PATCH |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
three sixes
2014-01-19 19:55:26 UTC
Passenger provides your apache with the ability to use rack based applications, but it does not actually provide any host definition to do that. These should be defined in /etc/apache2/vhosts.d and fall outside of the scope of passenger. This includes settings for directories served by these virtual hosts. Your patch would also open up a huge security whole since it would allow serving all files on the filesystem. |