httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <cove...@gmail.com>
Subject Re: v. 2.2 Documentation errors? (in mod/core.html#options and misc/security_tips.html#protectserverfiles)
Date Fri, 12 Dec 2008 21:22:37 GMT
On Fri, Dec 12, 2008 at 5:26 AM, Christopher Drost
<chris.drostie@gmail.com> wrote:
>>
>> How do you get out from under / with a symlink?
>>
>
> I don't understand the question. You don't "get out from under" the
> global root directory -- I'm not suggesting a break on chroot or
> something like that. You do get out from under the DocumentRoot. (You
> might even get out from a chroot applied to Mallory's account but not
> Apache's, if I understand the interplay of symlinks and chroot
> properly.)
>
> This Mallory can do as follows, if e.g. he has a site under
> mod_userdir. Mallory logs into his account and just types:
>
> ln -s / /home/mallory/public_html/root

You said <Directory />, which is not the document root or something
relative to a users home directory..   It's the root of the
filesystem.


-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message