Subject: svn commit: r569000 - in /httpd/httpd/trunk/docs/manual/mod:
core.html.en
core.xml
Date: Thu, 23 Aug 2007 14:04:27 -0000
To: cvs@httpd.apache.org
From: slive@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20070823140429.8AB551A981A@eris.apache.org>
Author: slive
Date: Thu Aug 23 07:04:27 2007
New Revision: 569000
URL: http://svn.apache.org/viewvc?rev=569000&view=rev
Log:
Correct a common misconception: symlink restrictions
are policy restrictions, not security restrictions.
Modified:
httpd/httpd/trunk/docs/manual/mod/core.html.en
httpd/httpd/trunk/docs/manual/mod/core.xml
Modified: httpd/httpd/trunk/docs/manual/mod/core.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.html.en?rev=569000&r1=568999&r2=569000&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.html.en (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.html.en Thu Aug 23 07:04:27 2007
@@ -2217,6 +2217,9 @@
Note also, that this option gets ignored if set
inside a <Location>
section.
+ Omitting this option should not be considered a security restriction,
+ since symlink testing is subject to race conditions that make it
+ circumventable.
Includes
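Review bot: The added sentence ending "race conditions that make it circumventable" does not say where the race lies, so a reader cannot tell why the check is unreliable. Consider adding one clause saying that the symlink test and the later open of the file are separate steps, so the path can change between them. Also, "Omitting this option" directly follows the note about <Location>, so it is worth making sure the rendered page shows it as a separate remark about the option as a whole and not as part of the <Location> caveat.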
@@ -2257,8 +2260,11 @@
target file or directory is owned by the same user id as the
link.
- Note
This option gets ignored if
- set inside a
<Location>
section.
+ Note
This option gets ignored if
+ set inside a <Location>
section.
+
This option should not be considered a security restriction,
+ since symlink testing is subject to race conditions that make it
+ circumventable.
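Review bot: The removed and re-added "Note / This option gets ignored if / set inside a <Location> section." lines look textually identical, so this part of the hunk appears to be whitespace or markup churn that hides the real change, which is the new paragraph at the end. If the reflow is not required, leave those lines untouched so the diff shows only the added warning. The wording here is "This option should not be considered a security restriction" where the earlier hunk says "Omitting this option"; that matches the direction in which each option restricts, but a short parallel phrasing in both places would make the pair easier to compare.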
Modified: httpd/httpd/trunk/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/core.xml?rev=569000&r1=568999&r2=569000&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/core.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/core.xml Thu Aug 23 07:04:27 2007
@@ -2214,6 +2214,9 @@
Note also, that this option gets ignored if set
inside a Location
section.
+ Omitting this option should not be considered a security restriction,
+ since symlink testing is subject to race conditions that make it
+ circumventable.
Includes
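Review bot: The new sentence "Omitting this option should not be considered a security restriction" tells administrators what not to rely on but gives no pointer to what they should rely on instead. One more sentence that refers the reader to filesystem permissions on the served tree, or to the relevant security documentation, would make the correction actionable. The text is duplicated verbatim from the core.html.en hunk, so any rewording needs to be applied in both files.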
@@ -2254,9 +2257,12 @@
target file or directory is owned by the same user id as the
link.
- Note This option gets ignored if
+ Note This option gets ignored if
set inside a Location section.
+ type="section">Location section.
+ This option should not be considered a security restriction,
+ since symlink testing is subject to race conditions that make it
+ circumventable.
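Review bot: The added line `type="section">Location section.` follows an unchanged "set inside a Location section." line, which suggests the Location reference may now appear twice or that the directive element is split in a way that leaves it malformed. Please check the resulting Note block in core.xml and confirm the file still validates before the HTML is regenerated. The "- Note This option gets ignored if" / "+ Note This option gets ignored if" pair also shows no visible text difference; if it is whitespace only, dropping it would keep the change limited to the new warning.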