httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@avron.ICS.UCI.EDU>
Subject Re: security hole patch
Date Sat, 06 May 1995 13:22:32 GMT
> No,I'm saying the ability to follow a symlink only sometimes is silly.
> Either you allow them (trust) or you don't (don't trust).   I am
> saying we don't need a middle ground config option.  Do it directory
> by directory with existing mechanisms.

That would be nuts.  I have control over my server's documentroot
directories, and thus I can safely allow all SymLinks there.  In contrast,
I have no control over user directories (and don't trust my users),
and thus cannot allow arbitrary SymLinks.  I use

   <Directory /dc/ud/www/documentroot>
   AllowOverride FileInfo AuthConfig Limit
   Options Indexes FollowSymLinks IncludesNoExec
   </Directory>

   <Directory /*/public_html*>
   AllowOverride FileInfo AuthConfig Limit
   Options Indexes SymLinksIfOwnerMatch IncludesNoExec
   </Directory>

to allow this feature.  Removing it from Apache would break Apache.

We also use an automounter, but one that does not (normally) symlink
the mounts -- those few users that get symlinked are not able to
use their public_html spaces.  I consider both of the proposed patches
to be desirable.

> If we want to fix the security problems, we'll do up a server that
> uses chroot().  That is a much better solution than a bunch of hacks
> and imposible to rememeber/use options.

No it isn't -- such a server cannot work in my environment.

.....Roy 
     584 messages down, 1110 to go

Mime
View raw message