httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcin Zawadzki/" <>
Subject 2.0.x
Date Wed, 12 Jul 2006 19:48:47 GMT
In version 2.0.x (latest), is very important bug security.

When option followsymlinks and symlinksifownermatrch are disabled, there
is another way to use symlinks on linux. There is:

I created directory in document root (documentroot=/home/apachedata/htdocs):

mkdir directory1

then i create a symlinks, wchich names is the name of file in Directory
index (for example index.html)

ln -s /etc/passwd index.html

Then in browser i put:


and i see the passwd file i browser.
If i put http://hostname/directory1/index.html then this security
problem is not exist.
Please reapir this error(bug), and email me when it is repaired.

Sorry for my English.

Marcin Zawadzki,
GPG: 4096D/81DFA928 6C5C F525 8CAA 2A20 B878  C248 08FE 060C 81DF A928

View raw message