httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Havard" <>
Subject Plugging nice big security hole (OS/2)
Date Mon, 20 Jul 1998 07:32:53 GMT
My testing shows that OS/2 suffers the same problem as Win32 with trailing
dots on directory names and I'm trying to do something about it.

As it stand, you can bypass protection of a directory by adding a dot at the
end. I've written an ap_os_canonical_filename() that removes the trailing
dots (and does a few other things) and that seems to secure <Directory> type
access restrictions but <Location> types are still vunerable. What can I do
to fix them?

 |  Brian Havard                 |  "He is not the messiah!                   |
 |  |  He's a very naughty boy!" - Life of Brian |

View raw message