httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: Fix DirectoryMatch to not match regular files?
Date Wed, 29 Oct 2014 11:53:14 GMT
Hi Jan,

IMHO the patch is valid, even for backports.

<Directory> and <DirectoryMatch> are documented to "enclose a group of
directives that will apply only to the named *directory*,
sub-directories of that *directory*, and the files within the
respective *directories*".

While <Directory> does the APR_DIR check, <DirectoryMatch> doesn't,
this is not consistent.

There exists the <Files[Match]> closures for files, using
ap_file_walk() which is not quite the same code as
ap_directory_walk().
There may also be security concerns over there if we are being lenient
with unexpected/able configuration (not that I'm not thinking about a
particular one).

+1 to apply it (for more review).

Regards,
Yann.

On Wed, Oct 29, 2014 at 12:18 PM, Jan Kalu┼ża <jkaluza@redhat.com> wrote:
> Hi,
>
> I was trying to fix PR41867 using attached patch. While the patch seems to
> work, I'm thinking if the behaviour change introduced by the patch can bring
> some problems.
>
> Currently, "<DirectoryMatch ^/var/www/html/private>" matches also
> "/var/www/html/private.txt" even it is a regular file and not a directory.
> With the patch, DirectoryMatch won't match "private.txt" in this case,
> because it's a file.
>
> While I think this is excepted behaviour of DirectoryMatch, I'm not sure if
> it's acceptable change in 2.4.x branch (or even trunk?). What do you think?
>
> Regards,
> Jan Kaluza

Mime
View raw message