httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 14206] DirectoryIndex circumvents -FollowSymLinks option
Date Thu, 29 Jan 2009 15:21:46 GMT

--- Comment #3 from Dan Poirier <>  2009-01-29 07:21:45 PST ---
(Not strictly a security issue, since FollowSymLinks is explicitly documented
that we shouldn't rely on it for security.)

This bug is still present in 2.2.11, but not in trunk.

Here's the change in mod_dir.c that seems to have fixed it:

This change was discussed a while back, starting here:

and the consensus was to make the change in trunk and see if any problems
turned up.

It's been almost a year now and the change is still in.  Maybe it's time to
consider backporting it to 2.2.x.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message