httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@avron.ICS.UCI.EDU>
Subject Re: security hole patch
Date Sat, 06 May 1995 13:22:32 GMT
> No,I'm saying the ability to follow a symlink only sometimes is silly.
> Either you allow them (trust) or you don't (don't trust).   I am
> saying we don't need a middle ground config option.  Do it directory
> by directory with existing mechanisms.

That would be nuts.  I have control over my server's documentroot
directories, and thus I can safely allow all SymLinks there.  In contrast,
I have no control over user directories (and don't trust my users),
and thus cannot allow arbitrary SymLinks.  I use

   <Directory /dc/ud/www/documentroot>
   AllowOverride FileInfo AuthConfig Limit
   Options Indexes FollowSymLinks IncludesNoExec

   <Directory /*/public_html*>
   AllowOverride FileInfo AuthConfig Limit
   Options Indexes SymLinksIfOwnerMatch IncludesNoExec

to allow this feature.  Removing it from Apache would break Apache.

We also use an automounter, but one that does not (normally) symlink
the mounts -- those few users that get symlinked are not able to
use their public_html spaces.  I consider both of the proposed patches
to be desirable.

> If we want to fix the security problems, we'll do up a server that
> uses chroot().  That is a much better solution than a bunch of hacks
> and imposible to rememeber/use options.

No it isn't -- such a server cannot work in my environment.

     584 messages down, 1110 to go

View raw message