httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <cove...@gmail.com>
Subject Re: help for translation
Date Wed, 01 Oct 2008 16:02:13 GMT
On Tue, Sep 30, 2008 at 7:59 PM, Jason Lingohr <jason@lucid.net.au> wrote:
> On 30/09/2008 12:28 AM, Lucien GENTIS wrote:
>> Hello to all,
>>
>> File trunk/manual/lod/core.xml - line 2298 about FollowSymLinks option.
>>
>> Could someone explain this sentence :
>>
>> "Omitting this option should not be considered a security restriction,
>> since symlink testing is subject to race conditions that make it
>> circumventable.
>>
>
> The second part reads ok to me -- buffer overrun or memory allocation
> exhaustion... but the "restriction" word seems odd.
>
> Should it perhaps be "should not be considered a security
> (benefit|enhancement),..."

Maybe "... security measure"

Re: the 2nd part, AIUI the window between checking that a path
component isn't a symlink then actually using the path component is
what this is referring to, not some potential corruption issue in the
server that would change the behavior.

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message