httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Plüm, Rüdiger, VF EITO <ruediger.pl...@vodafone.com>
Subject Re: walk caching to avoid extra authnz
Date Wed, 06 Dec 2006 13:41:39 GMT


> -----Ursprüngliche Nachricht-----
> Von: Nick Kew 
> Gesendet: Mittwoch, 6. Dezember 2006 14:34
> An: dev@httpd.apache.org


> 
> In this instance, we need to work through how this relates to
> relevant updates leading to the CHANGES file entry:
> 
>      core: Do not allow internal redirects like the DirectoryIndex of
>      mod_dir to circumvent the symbolic link checks imposed by
>      FollowSymLinks and SymLinksIfOwnerMatch. [Nick Kew, 
> Ruediger Pluem,
>      William Rowe]
> 
> I'm struggling to find the relevant changes in SVN, and there are
> no pointers in the relevant bug report PR#14206.

I guess

r423886
r425057
r425394

is what you are looking for.
Furthermore I remember from the discussions on these changes that we
should be very very cautious in changing this code as it is very
security sensitive.


Regards

Rüdiger


Mime
View raw message