From (Cliff Skolnick)
Subject Re: security hole patch
Date Tue, 18 Apr 1995 14:22:05 GMT
On Apr 18,  4:27pm, Robert S. Thau wrote:
}    So what if your users are not trusted?  How many of these sites
}    where users are not trusted even run the automounter?
} Probably most of them --- the ones I'm aware of are generally
} universities, which need some automounter-like system to coordinate
} among multiple, large, group fileservers. 

Well...I should say how many of these systems that also are web servers
run the automounter.  I know a few universities will fall into this
category, but no company I have ever seen.  I deal quite a bit with
internet security and have seen lots of companies.

} So you think that FollowSymLinks (or rather, the ability to turn it
} off) is silly, and you don't want to make it useful for people because
} you don't see the point of having it in the first place.  People who
} are using it (or want to) evidently disagree.

No, I'm saying the ability to follow a symlink only sometimes is silly.
Either you allow them (trust) or you don't (don't trust).   I am
saying we don't need a middle ground config option.  Do it directory
by directory with existing mechanisms.

} (This is separate from the argument of whether root-allowed symlinks
} is the best thing, or whether we want something more like Andy
} Polyakov's patch --- note that Andy's is also a performance win, since
} it avoids some checks which are really unnecessary on most systems,
} although I can see a Paranoid config directive for people who have
} setups who depend on the old behavior...).

I'm all for performance wins :), but I am against creeping featurism.
Apache can not be everything to everybody.  It will die if it tries.
No one wants to use a monster (ie CERN).

If we want to fix the security problems, we'll do up a server that
uses chroot().  That is a much better solution than a bunch of hacks
and impossible to remember/use options.


