httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Plüm, Rüdiger, VF EITO <>
Subject Re: walk caching to avoid extra authnz
Date Wed, 06 Dec 2006 13:41:39 GMT

> -----Ursprüngliche Nachricht-----
> Von: Nick Kew 
> Gesendet: Mittwoch, 6. Dezember 2006 14:34
> An:

> In this instance, we need to work through how this relates to
> relevant updates leading to the CHANGES file entry:
>      core: Do not allow internal redirects like the DirectoryIndex of
>      mod_dir to circumvent the symbolic link checks imposed by
>      FollowSymLinks and SymLinksIfOwnerMatch. [Nick Kew, 
> Ruediger Pluem,
>      William Rowe]
> I'm struggling to find the relevant changes in SVN, and there are
> no pointers in the relevant bug report PR#14206.

I guess


is what you are looking for.
Furthermore I remember from the discussions on these changes that we
should be very very cautious in changing this code as it is very
security sensitive.



View raw message