Reviewing changes between the bionic and eoan versions, I notice they've changed the default access:
backuppc (3.3.2-1) unstable; urgency=low
* debian/apache.conf:
+ Only grant access from localhost by default (as by default HTTPS is
not enforced). Mention that in NEWS.Debian.
This may improve the situation a little, although the problem of the cgi script not getting handled as cgi remains. For security conditions, this would need to adhere to ubuntu's policy on enabling cgi-bin on installation.
Updating documentation is a good idea - suggestions would be welcomed.
Reviewing changes between the bionic and eoan versions, I notice they've changed the default access:
backuppc (3.3.2-1) unstable; urgency=low
* debian/apache.conf:
+ Only grant access from localhost by default (as by default HTTPS is
not enforced). Mention that in NEWS.Debian.
and access permissions on the cgi-bin directory:
-rules: install --mode=4750 index.cgi debian/ backuppc/ usr/lib/ backuppc/ cgi-bin backuppc/ usr/lib/ backuppc/ cgi-bin
+rules: install --mode=755 index.cgi debian/
This may improve the situation a little, although the problem of the cgi script not getting handled as cgi remains. For security conditions, this would need to adhere to ubuntu's policy on enabling cgi-bin on installation.
Updating documentation is a good idea - suggestions would be welcomed.