Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 791

40.7.1 Up-to-Date Software
If there are vulnerabilities found in the Apache software, a security advisory will be
issued by SUSE. It contains instructions for fixing the vulnerabilities, which in turn
should be applied soon as possible. The SUSE security announcements are available
from the following locations:
• Web Page
http://www.novell.com/linux/security/
securitysupport.html
• Mailing List
http://www.suse.com/us/private/support/online
_help/mailinglists/
• RSS Feed
http://www.novell.com/linux/security/suse
_security.xml
40.7.2 DocumentRoot Permissions
By default in SUSE Linux Enterprise Server, the DocumentRoot directory /srv/
www/htdocs and the CGI directory /srv/www/cgi-bin belong to the user and
group root. You should not change these permissions. If the directories were writable
for all, any user could place files into them. These files might then be executed by
Apache with the permissions of wwwrun, which may give the user unintended access
to file system resources. Use subdirectories of /srv/www to place the DocumentRoot
and CGI directories for your virtual hosts and make sure that directories and files belong
to user and group root.
40.7.3 File System Access
By default, access to the whole file system is denied in /etc/apache2/httpd
.conf. You should never overwrite these directives, but specifically enable access to
all directories Apache should be able to read (see
ration" (page 746) for details). In doing so, ensure that no critical files, such as password
or system configuration files, can be read from the outside.
Section "Basic Virtual Host Configu-
The Apache HTTP Server 773