httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@ai.mit.edu (Robert S. Thau)
Subject Re: mod_actions (patch and questions)
Date Fri, 15 Dec 1995 20:37:59 GMT
          A big issue I think is that some peopl e(myself included) put
  things in the public_html and chmod 700 them until they want to make
  them public. This would break that, and adequate warnings should be
  attached, as well.

To say nothing of a symlink to, say, the shadow password file.
IMHO, this patch is a really, *really* bad idea because of these
sorts of situations, and the possibility of other more subtle
interactions which may escape our attention in the first audit.

(BTW, if you think that FollowSymlinksIfOwnerMatch keeps the
shadow password file safe, you aren't thinking hard enough).

rst

Mime
View raw message