httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <cove...@gmail.com>
Subject Re: v. 2.2 Documentation errors? (in mod/core.html#options and misc/security_tips.html#protectserverfiles)
Date Thu, 11 Dec 2008 23:29:48 GMT
On Thu, Dec 11, 2008 at 6:23 PM, Christopher Drost
<chris.drostie@gmail.com> wrote:
>
> This is false, as far as I can tell -- if you allow FollowSymLinks,
> then the malicious user doesn't care about the <Directory />
> conditional. (Per mod/core.html#options :: "Even though the server
> follows the symlink it does not change the pathname used to match
> against <Directory> sections.")

How do you get out from under / with a symlink?


-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message