Bug 107424
| Summary: | htdig needs its own configuration directory | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | Gilles Detillieux <grdetil> |
| Component: | htdig | Assignee: | Phil Knirsch <pknirsch> |
| Status: | CLOSED ERRATA | QA Contact: | David Lawrence <dkl> |
| Severity: | low | Docs Contact: | |
| Priority: | medium | ||
| Version: | 9 | CC: | rvokal |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2003-12-19 15:02:58 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Sounds like a good idea, will change that in one of the next htdig builds. It's already in a scheduled errata for AS2.1 Read ya, Phil An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2003-376.html |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225 Description of problem: The ht://Dig software suite allows the use of many configuration files for a given installation of the software, not just the default htdig.conf. However, htsearch expects all of these configuration files to be in the same directory. Red Hat's .spec file sets this to /etc, via the --with-config-dir=%{_sysconfdir} argument to configure, which means that: a) htsearch's config files must all be right in /etc, as opposed to some subdirectory reserved for ht://Dig. b) htsearch can potentially be told to read, via the "config" CGI input parameter, any *.conf file under /etc. If any of these are of a format that htsearch can parse, there is a potential security risk in that configuration information could possibly be leaked out to the public under some circumstances. It would be much better if it were set as --with-config-dir=%{_sysconfdir}/htdig Version-Release number of selected component (if applicable): htdig-3.2.0-16.20021103 How reproducible: Always Steps to Reproduce: 1. Try configuring a search form with a different value for the "config" input parameter. 2. Your corresponding configuration file will have to go in /etc for htsearch to find it. 3. Try this many times, for a site that needs many different configuration files, and watch /etc get littered with all these files. 4. Look for other *.conf files in /etc, and try their basename as the value for the "config" parameter, to see whether htsearch causes any problems when attempting to read these. Additional info: Whether this constitutes a bug or not may be open to debate, but it would be a trivial change to make this package's configuration much more ideal. If backward compatibility is a concern, the RPM could make a symlink in /etc: htdig.conf -> htdig/htdig.conf