httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Polyakov <ap...@fy.chalmers.se>
Subject Re: security hole patch
Date Tue, 18 Apr 1995 17:48:31 GMT
Hi, everybody!
>    I see little value in the new directive.  Either you allow symbolic
>    links and know the consequences (document it) or you don't.  This
>    is creaping featurism.  I don't think we need this.
> 
> The value is the elimination of a serious misfeature --- people who
> use the automounter, and who want to enable UserDirs, and *disable*
> FollowSymLinks, currently can't, because the entries in the
> automounter's pseudo-directories appear as symlinks owned by root.
> 
> (To spell it out, when a client requests /~foo, that turns into
> /home/amdir/foo, where /home is automounted directory.  The server
> looks at /home/amdir, sees it's a symlink (to /tmp_mnt/home/amdir),
> and bounces the request).
I feel it's right time to promote my patch (see below) I was invited to
this list for. To refresh your memory it was eliminating redundant
.htaccess searches on the path to a document subtree, e.g.: request for
/~foo checks .htaccess only in /home/amdir/foo/public_html instead of
going through the whole directory chain starting from /.htaccess. I am
saving a lot of CPU cycles in my place by avoiding hitting non-existing
/home/.htaccess, which is causing automounter attempt, which in turn
involves NIS+, etc.. Well, it looks like it would fix the
"impossibility to allow automounted UserDirs AND to disable
FollowSymLinks" problem as well! And indeed it would never look into
/home and won't ever find out there're links... Then it's no
problem to prohibit to follow symlinks in UserDirs by adding
"<Directory /home>\nOptions None\n</Directory>" statement to
access.conf, right? Unfortunately I can't check it out in action,
because I run Solaris 2 and /home/* are real mount point, not
symlinks.

Sincerely yours. Andy.

P.S. Patch is relative to 0.6.1.
------------------------------cut here---------------------------------
*** ./http_access.c.orig	Sat Apr 15 20:05:38 1995
--- ./http_access.c	Tue Apr 18 19:40:11 1995
***************
*** 197,203 ****
      if((override[n]) || (!(opts[n] & OPT_SYM_LINKS)) || 
         (opts[n] & OPT_SYM_OWNER))
          {
!             for(x=0;x<num_dirs;x++) {
                  y = num_sec;
                  make_dirstr(path,x+1,d);
                  if((!(opts[x] & OPT_SYM_LINKS)) || (opts[x] & OPT_SYM_OWNER)) {
--- 197,204 ----
      if((override[n]) || (!(opts[n] & OPT_SYM_LINKS)) || 
         (opts[n] & OPT_SYM_OWNER))
          {
! 		  vvvvvvvvvvvvvvvvv-- eliminate redundant checks
!             for(x=tackle_on_docroot(path);x<num_dirs;x++) {
                  y = num_sec;
                  make_dirstr(path,x+1,d);
                  if((!(opts[x] & OPT_SYM_LINKS)) || (opts[x] & OPT_SYM_OWNER)) {
*** ./http_alias.c.orig	Sun Apr 16 22:28:23 1995
--- ./http_alias.c	Mon Apr 17 17:52:18 1995
***************
*** 248,250 ****
--- 248,265 ----
           }
       }
  }
+ 
+ int tackle_on_docroot(char *name) {
+    register int x,l;
+    alias *p;
+ 
+    l=strlen(document_root);
+    if(!strncmp(name,document_root,l))
+        return count_dirs(document_root);
+    for(p=a; p!=NULL; p=p->next) {
+        l=strlen(p->real);
+        if(!strncmp(name,p->real,l))
+          return count_dirs(p->real);
+    }
+    return 0;
+ }


Mime
View raw message