> No,I'm saying the ability to follow a symlink only sometimes is silly.
> Either you allow them (trust) or you don't (don't trust). I am
> saying we don't need a middle ground config option. Do it directory
> by directory with existing mechanisms.
That would be nuts. I have control over my server's documentroot
directories, and thus I can safely allow all SymLinks there. In contrast,
I have no control over user directories (and don't trust my users),
and thus cannot allow arbitrary SymLinks. I use
<Directory /dc/ud/www/documentroot>
AllowOverride FileInfo AuthConfig Limit
Options Indexes FollowSymLinks IncludesNoExec
</Directory>
<Directory /*/public_html*>
AllowOverride FileInfo AuthConfig Limit
Options Indexes SymLinksIfOwnerMatch IncludesNoExec
</Directory>
to allow this feature. Removing it from Apache would break Apache.
We also use an automounter, but one that does not (normally) symlink
the mounts -- those few users that get symlinked are not able to
use their public_html spaces. I consider both of the proposed patches
to be desirable.
> If we want to fix the security problems, we'll do up a server that
> uses chroot(). That is a much better solution than a bunch of hacks
> and imposible to rememeber/use options.
No it isn't -- such a server cannot work in my environment.
.....Roy
584 messages down, 1110 to go
|