httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: code & docs corrections for FollowSymLinks and SymLinksIfOwnerMatch
Date Wed, 13 Jun 2007 20:30:23 GMT


On 06/13/2007 05:30 AM, Allen Pulsifer wrote:

> 
> mod_rewrite.c lines 4461 to 4468 currently read:
> 
>     if (!(ap_allow_options(r) & (OPT_SYM_LINKS | OPT_SYM_OWNER))) {
>         /* FollowSymLinks is mandatory! */
>         ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
>                      "Options FollowSymLinks or SymLinksIfOwnerMatch is off
> "
>                      "which implies that RewriteRule directive is forbidden:
> "
>                      "%s", r->filename);
>         return HTTP_FORBIDDEN;

Hm. This looks wrong to me. We should only allow RewriteRules in the directory
context if OPT_SYM_LINKS is set since we do not do any check on the result of a
RewriteRule with respect to symlinks. So we cannot be sure that the result of the
RewriteRule fulfils the conditions promised by OPT_SYM_OWNER.

Regards

RĂ¼diger


Mime
View raw message