httpd-dev mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject Re: 1.2.6
Date Sat, 14 Feb 1998 03:11:45 GMT
Yuck, I wasn't even aware of this brokenness in mod_userdir.  I personally
wish we'd just dropped mod_userdir et al for mod_rewrite ages ago.  But
whatever.  I'll go put a bandaid on it. 

The special names on win32 should definitely be looked into.

Dean

On Fri, 13 Feb 1998, Marc Slemko wrote:

> The one where a "UserDir /home/" will allow traversal of the entire
> filesystem?  PR... 1701.
> 
> "UserDir public_html" and "UserDir /home/*/public_html" type ones aren't
> impacted, and it only lets you go one hierarchy above the UserDir
> specified.
> 
> On Thu, 12 Feb 1998, Dean Gaudet wrote:
> 
> > What UserDir security thing?
> > 
> > Dean
> > 
> > On Thu, 12 Feb 1998, Marc Slemko wrote:
> > 
> > > That UserDir security thing should be fixed first.
> > > 
> > > I suspect it is a simple matter of adding a check for ".." and possibly
> > > "." and possibly any other special names on odd OSes (will your special
> > > names like cons or whatever they are on Win32 cause problems?)
> > > 
> > > On Thu, 12 Feb 1998, Dean Gaudet wrote:
> > > 
> > > > I'm happy with 1.2.6-dev.  So I'd like to start the release clock.  I
> > > > > propose to roll the tarball next weds, the 18th of Feb.  If folks want to
> > > > > toy with the latest and don't want to haul down the entire repository,
> > > > I've got it at www.arctic.org/~dgaudet/apache/1.2.6-dev.tar.gz.
> > > > 
> > > > How's that sound?
> > > > 
> > > > Dean
> > > > 
> > > > 
> > > 
> > > 
> > 
> 
> 
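
The check suggested in the quoted message, sketched in C as an added example (not code from this thread or from Apache's mod_userdir): `userdir_name_is_safe` is a hypothetical helper that vets the name taken from a `/~name` request before it is appended to a `UserDir /home/` style base. The Win32 device-name list is the commonly documented set, supplied here as an assumption since the thread does not spell it out.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive match of the first n bytes of s against an upper-case literal. */
static int prefix_ieq(const char *s, const char *upper, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (toupper((unsigned char)s[i]) != upper[i])
            return 0;
    return 1;
}

/* Win32 reserved device names: CON, PRN, AUX, NUL, COM0-9, LPT0-9.
 * They stay reserved when an extension follows ("nul.txt"), so only the
 * part before the first '.' is compared. */
static int is_win32_device(const char *name)
{
    static const char *const three[] = { "CON", "PRN", "AUX", "NUL" };
    static const char *const four[] = { "COM", "LPT" };
    size_t stem = strcspn(name, ".");
    size_t i;

    if (stem == 3)
        for (i = 0; i < 4; i++)
            if (prefix_ieq(name, three[i], 3))
                return 1;
    if (stem == 4 && isdigit((unsigned char)name[3]))
        for (i = 0; i < 2; i++)
            if (prefix_ieq(name, four[i], 3))
                return 1;
    return 0;
}

/* Returns 1 if the text after "/~" may be used as one directory component
 * under a "UserDir /home/" style base, 0 if the request should be declined. */
int userdir_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    if (strpbrk(name, "/\\") != NULL)   /* must be a single component */
        return 0;
    return !is_win32_device(name);
}
```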

