Bug 107424 - htdig needs its own configuration directory
htdig needs its own configuration directory
Product: Red Hat Linux
Classification: Retired
Component: htdig (Show other bugs)
All Linux
medium Severity low
: ---
: ---
Assigned To: Phil Knirsch
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2003-10-17 17:07 EDT by Gilles Detillieux
Modified: 2015-03-04 20:12 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-12-19 10:02:58 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2003:376 normal SHIPPED_LIVE Updated htdig packages fix truncated output problems 2003-12-19 00:00:00 EST

  None (edit)
Description Gilles Detillieux 2003-10-17 17:07:35 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

Description of problem:
The ht://Dig software suite allows the use of many configuration files for a
given installation of the software, not just the default htdig.conf.  However,
htsearch expects all of these configuration files to be in the same directory. 
Red Hat's .spec file sets this to /etc, via the --with-config-dir=%{_sysconfdir}
argument to configure, which means that:

a) htsearch's config files must all be right in /etc, as opposed to some
subdirectory reserved for ht://Dig.

b) htsearch can potentially be told to read, via the "config" CGI input
parameter, any *.conf file under /etc.  If any of these are of a format that
htsearch can parse, there is a potential security risk in that configuration
information could possibly be leaked out to the public under some circumstances.

It would be much better if it were set as --with-config-dir=%{_sysconfdir}/htdig

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Try configuring a search form with a different value for the "config" input
2. Your corresponding configuration file will have to go in /etc for htsearch to
find it.
3. Try this many times, for a site that needs many different configuration
files, and watch /etc get littered with all these files.
4. Look for other *.conf files in /etc, and try their basename as the value for
the "config" parameter, to see whether htsearch causes any problems when
attempting to read these.

Additional info:

Whether this constitutes a bug or not may be open to debate, but it would be a
trivial change to make this package's configuration much more ideal. If backward
compatibility is a concern, the RPM could make a symlink in /etc: htdig.conf ->
Comment 1 Phil Knirsch 2003-10-30 08:56:30 EST
Sounds like a good idea, will change that in one of the next htdig builds.

It's already in a scheduled errata for AS2.1

Read ya, Phil
Comment 2 John Flanagan 2003-12-19 10:02:58 EST
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.