httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r423886 - in /httpd/httpd/trunk: CHANGES server/request.c
Date Thu, 20 Jul 2006 22:13:08 GMT


On 07/20/2006 02:04 PM, Joe Orton wrote:

> 
> I think it's a *very* bad idea to imply that SymLinksIfOwnerMatch is a 
> security feature.
> 
> If you did want to call this a "security feature" then you also need to 
> fix the big fat race condition inbetween all those nice careful stat() 
> calls and the default handler going to open the file.  Which I doubt 
> would be simple to say the least.
> 
> I'd stay well clear of the word "security" here.

I adjusted the svn log message (http://svn.apache.org/viewvc?view=rev&revision=423886)
and removed the word SECURITY from the CHANGES file (http://svn.apache.org/viewvc?view=rev&revision=424084).
I hope this addresses your concerns.

Regards

RĂ¼diger


Mime
View raw message