Return-Path:
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 15925 invoked by uid 6000); 20 Jul 1998 09:18:30 -0000
Received: (qmail 15906 invoked from network); 20 Jul 1998 09:18:08 -0000
Received: from silk.apana.org.au (root@202.12.87.81) by taz.hyperreal.org with SMTP; 20 Jul 1998 09:18:08 -0000
Received: from kheldar.apana.org.au (bjh@kheldar.apana.org.au [202.12.87.82]) by silk.apana.org.au (8.8.7/8.8.7) with SMTP id TAA25809 for ; Mon, 20 Jul 1998 19:17:22 +1000
Message-Id: <199807200917.TAA25809@silk.apana.org.au>
From: "Brian Havard"
To: "new-httpd@apache.org"
Date: Mon, 20 Jul 1998 19:17:22 +1000
X-Mailer: PMMail 1.96 For OS/2
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Subject: Re: Plugging nice big security hole (OS/2)
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

On Mon, 20 Jul 1998 01:35:21 -0600 (MDT), Marc Slemko wrote:

>On Mon, 20 Jul 1998, Brian Havard wrote:
>
>> My testing shows that OS/2 suffers the same problem as Win32 with trailing
>> dots on directory names and I'm trying to do something about it.
>>
>> As it stands, you can bypass protection of a directory by adding a dot at the
>> end. I've written an ap_os_canonical_filename() that removes the trailing
>> dots (and does a few other things) and that seems to secure type
>> access restrictions but types are still vulnerable. What can I do
>> to fix them?
>
>Talk to Dean and your problems will vanish. He will simply define
>Location as something that isn't supposed to protect access to files, and
>you have no problems. I don't fully disagree with him, but...
>
>AFAIK, this is how Win32 is being treated right now.

Hmm, Ok. I'll submit my patch that adds ap_os_canonical_filename() then. I
must be missing something though as my function is only about 30 lines
compared to the Win32 version of around 140.
Maybe it's just because I don't have to deal with the long/short name crap
that Windoze has.......

-- 
 ______________________________________________________________________________
| Brian Havard                 | "He is not the messiah!                       |
| brianh@kheldar.apana.org.au  |  He's a very naughty boy!" - Life of Brian    |
 ------------------------------------------------------------------------------
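The bypass Brian describes, shown as an added example (this is not his patch, nor Apache's ap_os_canonical_filename(); it only illustrates the class of bug). On Win32 and OS/2 the filesystem silently strips trailing dots from path components, so "/secret./passwd" opens the same file as "/secret/passwd", but a naive prefix comparison against the protected directory does not match the dotted spelling. The code below canonicalises each component by stripping trailing dots (leaving "." and ".." intact, and collapsing a component that becomes empty) and then applies a hypothetical policy, assumed for the demonstration, that everything under "/secret/" is protected:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Strip trailing dots from every component of `in` and write the result
 * to `out`.  "." and ".." are left alone; a component that becomes empty
 * (e.g. "...") is dropped along with its separator so no "//" is produced.
 * Returns 0 on success, -1 if `out` is too small (callers should fail closed).
 */
int canonical_filename(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    const char *p = in;

    if (outlen == 0)
        return -1;

    while (*p) {
        const char *end = p;
        size_t len, keep;

        while (*end && *end != '/')
            end++;
        len = keep = (size_t)(end - p);

        /* Leave "." and ".." intact; everything else loses trailing dots. */
        if (!(len == 1 && p[0] == '.') &&
            !(len == 2 && p[0] == '.' && p[1] == '.')) {
            while (keep > 0 && p[keep - 1] == '.')
                keep--;
        }

        if (o + keep + 1 >= outlen)      /* room for component + '/' or NUL */
            return -1;
        memcpy(out + o, p, keep);
        o += keep;

        if (*end == '/') {
            /* Emit one separator; skip it if the previous char is already '/'. */
            if (o == 0 || out[o - 1] != '/')
                out[o++] = '/';
            p = end + 1;
        } else {
            p = end;
        }
    }
    out[o] = '\0';
    return 0;
}

/* Hypothetical access policy for the demonstration (assumption, not from the
 * original mail): anything under "/secret/" is protected.  The prefix test
 * is deliberately the naive one that the trailing-dot trick defeats. */
static const char PROTECTED_PREFIX[] = "/secret/";

bool is_protected_raw(const char *path)
{
    return strncmp(path, PROTECTED_PREFIX, sizeof PROTECTED_PREFIX - 1) == 0;
}

/* Same policy applied to the canonical form.  Overlong paths fail closed. */
bool is_protected_canonical(const char *path)
{
    char canon[256];
    if (canonical_filename(path, canon, sizeof canon) != 0)
        return true;
    return is_protected_raw(canon);
}

/* Helper: does canonicalising `in` yield exactly `expected`? */
bool canon_equals(const char *in, const char *expected)
{
    char buf[256];
    return canonical_filename(in, buf, sizeof buf) == 0 &&
           strcmp(buf, expected) == 0;
}

/* Helper: does `in` fit in an output buffer of `outlen` bytes? */
bool canon_fits(const char *in, size_t outlen)
{
    char buf[256];
    if (outlen > sizeof buf)
        outlen = sizeof buf;
    return canonical_filename(in, buf, outlen) == 0;
}

int main(void)
{
    /* Constructed probe requests: the plain path and two dotted aliases. */
    const char *probes[] = { "/secret/passwd", "/secret./passwd", "/secret./passwd." };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        char canon[256];
        canonical_filename(probes[i], canon, sizeof canon);
        printf("%-18s raw:%-8s canonical:%-8s -> %s\n", probes[i],
               is_protected_raw(probes[i]) ? "blocked" : "ALLOWED",
               is_protected_canonical(probes[i]) ? "blocked" : "ALLOWED",
               canon);
    }
    return 0;
}
```

Two caveats a reviewer would raise. First, this only handles the trailing-dot alias; the Win32 long/short (8.3) names Brian mentions are a second alias for the same file and need their own canonicalisation step, which is one reason the Win32 version is longer. Second, canonicalising the filename helps only checks that are keyed on the filesystem path; a <Location>-style check is keyed on the URI and sees the dotted spelling unchanged, which is the distinction Marc is drawing when he says Location is not meant to protect access to files.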