httpd-cvs mailing list archives

From sl...@apache.org
Subject svn commit: r569000 - in /httpd/httpd/trunk/docs/manual/mod: core.html.en core.xml
Date Thu, 23 Aug 2007 14:04:27 GMT
Author: slive
Date: Thu Aug 23 07:04:27 2007
New Revision: 569000

URL: http://svn.apache.org/viewvc?rev=569000&view=rev
Log:
Correct a common misconception: symlink restrictions
are policy restrictions, not security restrictions.

Modified:
    httpd/httpd/trunk/docs/manual/mod/core.html.en
    httpd/httpd/trunk/docs/manual/mod/core.xml

Modified: httpd/httpd/trunk/docs/manual/mod/core.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.html.en?rev=569000&r1=568999&r2=569000&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.html.en Thu Aug 23 07:04:27 2007
@@ -2217,6 +2217,9 @@
       <p>Note also, that this option <strong>gets ignored</strong> if set
       inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code>
       section.</p>
+      <p>Omitting this option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p>
       </div></dd>
 
       <dt><code>Includes</code></dt>
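Review bot: The added paragraph in the note before the Includes entry calls the symlink test "circumventable" without saying why, and "Omitting this option should not be considered a security restriction" is awkward to read. Suggest wording along the lines of "Omitting this option is not a security restriction: the symlink test and the later file access are separate steps, so the test can be circumvented by a race", so the reader sees that the limitation is inherent to the check.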
@@ -2257,8 +2260,11 @@
       target file or directory is owned by the same user id as the
       link.
 
-      <div class="note"><h3>Note</h3> This option gets ignored if
-      set inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code>
section.</div>
+      <div class="note"><h3>Note</h3> <p>This option gets ignored
if
+      set inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code>
section.</p>
+      <p>This option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p></div>
       </dd>
     </dl>
 
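Review bot: The log message describes these as "policy restrictions, not security restrictions", but the paragraph added to this note carries only the negative half. Suggest stating the positive half here too, for example that the ownership check is a policy aid for administrators and not a boundary against a user who can create links in the served tree, so the documentation matches the stated intent of the commit.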

Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=569000&r1=568999&r2=569000&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.xml Thu Aug 23 07:04:27 2007
@@ -2214,6 +2214,9 @@
       <p>Note also, that this option <strong>gets ignored</strong> if set
       inside a <directive type="section" module="core">Location</directive>
       section.</p>
+      <p>Omitting this option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p>
       </note></dd>
 
       <dt><code>Includes</code></dt>
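Review bot: The new paragraph is appended inside the existing note about Location sections, so the more important caveat sits second in a box whose first sentence is about something unrelated. Suggest giving the race-condition caveat its own note element directly after this one and leaving the Location note as it was.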
@@ -2254,9 +2257,12 @@
       target file or directory is owned by the same user id as the
       link.
 
-      <note><title>Note</title> This option gets ignored if
+      <note><title>Note</title> <p>This option gets ignored if
       set inside a <directive module="core"
-      type="section">Location</directive> section.</note>
+      type="section">Location</directive> section.</p>
+      <p>This option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p></note>
       </dd>
     </dl>
 
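Review bot: The added paragraph in this note tells administrators what not to rely on but not what to rely on instead. Suggest one more sentence pointing to filesystem ownership and permissions on the served tree, which the operating system enforces regardless of this check.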


