Subject: svn commit: r569000 - in /httpd/httpd/trunk/docs/manual/mod: core.html.en core.xml
Date: Thu, 23 Aug 2007 14:04:27 -0000
To: cvs@httpd.apache.org
From: slive@apache.org
Message-Id: <20070823140429.8AB551A981A@eris.apache.org>

Author: slive
Date: Thu Aug 23 07:04:27 2007
New Revision: 569000

URL: http://svn.apache.org/viewvc?rev=569000&view=rev
Log:
Correct a common misconception: symlink restrictions are policy restrictions, not security restrictions.

Modified:
    httpd/httpd/trunk/docs/manual/mod/core.html.en
    httpd/httpd/trunk/docs/manual/mod/core.xml

Modified: httpd/httpd/trunk/docs/manual/mod/core.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.html.en?rev=569000&r1=568999&r2=569000&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.html.en (original) +++ httpd/httpd/trunk/docs/manual/mod/core.html.en Thu Aug 23 07:04:27 2007 @@ -2217,6 +2217,9 @@

Note also, that this option gets ignored if set inside a <Location> section.

+

Omitting this option should not be considered a security restriction, + since symlink testing is subject to race conditions that make it + circumventable.

Includes
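
Review bot: the added paragraph after the Location note tells the reader that symlink testing is "circumventable" but gives them nothing to act on. If the race meant here is the window between the server's symlink test and the file actually being opened, say so in a few words, and state what an administrator should rely on instead, such as filesystem permissions on the content itself. As written, someone who left this option off for security reasons learns that it does not hold and is not told what does.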
@@ -2257,8 +2260,11 @@ target file or directory is owned by the same user id as the link. -

Note

This option gets ignored if - set inside a <Location> section.
+

Note

This option gets ignored if + set inside a <Location> section.

+

This option should not be considered a security restriction, + since symlink testing is subject to race conditions that make it + circumventable.
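
Review bot: the new paragraph is appended inside the existing Note whose subject is the <Location> caveat, so two unrelated caveats now start with "This option" back to back. Suggest giving the security caveat its own Note, or naming the option in the sentence, so that a reader skimming for the Location behaviour does not skip it. The existing "This option gets ignored if set inside a <Location> section." lines are also removed and re-added with the same wording, which makes the hunk larger than the change the log describes.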

Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=569000&r1=568999&r2=569000&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml (original) +++ httpd/httpd/trunk/docs/manual/mod/core.xml Thu Aug 23 07:04:27 2007 @@ -2214,6 +2214,9 @@

Note also, that this option gets ignored if set inside a Location section.

+

Omitting this option should not be considered a security restriction, + since symlink testing is subject to race conditions that make it + circumventable.

Includes
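
Review bot: "Omitting this option should not be considered a security restriction" reads awkwardly, since an omission is not itself a restriction, and it differs from the "This option should not be considered a security restriction" wording added in the -2254 hunk of this same file. Suggest one phrasing for both places, for example a sentence that echoes the log message: symlink restrictions configured here are policy restrictions, not security restrictions, because the symlink test is subject to race conditions.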
@@ -2254,9 +2257,12 @@ target file or directory is owned by the same user id as the link. - Note This option gets ignored if + Note

This option gets ignored if set inside a Location section. + type="section">Location section.

+

This option should not be considered a security restriction, + since symlink testing is subject to race conditions that make it + circumventable.
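
Review bot: the markup of the existing Location reference changes in this hunk (the added line ending in type="section">Location section.), and the log message does not mention it. If that change is intentional, note it in the log or commit it separately so that this revision carries only the symlink clarification. Otherwise drop it from the patch and leave the existing Note lines untouched.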