httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject Re: svn commit: r423886 - in /httpd/httpd/trunk: CHANGES server/request.c
Date Thu, 20 Jul 2006 12:42:53 GMT
On 20.07.2006 14:04, Joe Orton wrote:

> I think it's a *very* bad idea to imply that SymLinksIfOwnerMatch is a 
> security feature.
> If you did want to call this a "security feature" then you also need to 
> fix the big fat race condition inbetween all those nice careful stat() 
> calls and the default handler going to open the file.  Which I doubt 
> would be simple to say the least.

This is true.

> I'd stay well clear of the word "security" here.

I guess I can't change the log entry anymore. All I can do is adjust the CHANGES
entry. Would that address your concerns?



View raw message