httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lucien GENTIS <lucien.gen...@lorraine.iufm.fr>
Subject Re: help for translation
Date Thu, 02 Oct 2008 16:18:26 GMT
Eric Covener a écrit :
> On Tue, Sep 30, 2008 at 7:59 PM, Jason Lingohr <jason@lucid.net.au> wrote:
>   
>> On 30/09/2008 12:28 AM, Lucien GENTIS wrote:
>>     
>>> Hello to all,
>>>
>>> File trunk/manual/lod/core.xml - line 2298 about FollowSymLinks option.
>>>
>>> Could someone explain this sentence :
>>>
>>> "Omitting this option should not be considered a security restriction,
>>> since symlink testing is subject to race conditions that make it
>>> circumventable.
>>>
>>>       
>> The second part reads ok to me -- buffer overrun or memory allocation
>> exhaustion... but the "restriction" word seems odd.
>>
>> Should it perhaps be "should not be considered a security
>> (benefit|enhancement),..."
>>     
>
> Maybe "... security measure"
>
> Re: the 2nd part, AIUI the window between checking that a path
> component isn't a symlink then actually using the path component is
> what this is referring to, not some potential corruption issue in the
> server that would change the behavior.
>
>   
Thanks for all answers ; yet I understand the sentence this way :

"Omitting this option should not be considered a security enhancement, because the time while
testing symlinks can be subject to race conditions and so the security measure taken omitting
this option can be circumvented.

Am i right ?





---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message