httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: 1.2.6
Date Fri, 13 Feb 1998 07:00:32 GMT
The one where a "UserDir /home/" will allow traversal of the entire
filesystem?  PR... 1701.

"UserDir public_html" and "UserDir /home/*/public_html" type ones aren't
impacted, and it only lets you go one hierarchy above the UserDir
specified.

On Thu, 12 Feb 1998, Dean Gaudet wrote:

> What UserDir security thing?
> 
> Dean
> 
> On Thu, 12 Feb 1998, Marc Slemko wrote:
> 
> > That UserDir security thing should be fixed first.
> > 
> > I suspect it is a simple matter of adding a check for ".." and possibly
> > "." and possibly any other special names on odd OSes (will your special
> > names like cons or whatever they are on Win32 cause problems?)
> > 
> > On Thu, 12 Feb 1998, Dean Gaudet wrote:
> > 
> > > I'm happy with 1.2.6-dev.  So I'd like to start the release clock.  I
> > > propose to roll the tarball next weds, the 18th of Feb.  If folks want to
> > > toy with the latest and don't want to haul down the entire repository,
> > > I've got it at www.arctic.org/~dgaudet/apache/1.2.6-dev.tar.gz.
> > > 
> > > How's that sound?
> > > 
> > > Dean
> > > 
> > > 
> > 
> > 
> 


Mime
View raw message