httpd-docs mailing list archives

From "Christopher Drost" <chris.dros...@gmail.com>
Subject Re: v. 2.2 Documentation errors? (in mod/core.html#options and misc/security_tips.html#protectserverfiles)
Date Fri, 12 Dec 2008 10:26:27 GMT
>
> How do you get out from under / with a symlink?
>

I don't understand the question. You don't "get out from under" the
global root directory -- I'm not suggesting a break on chroot or
something like that. You do get out from under the DocumentRoot. (You
might even get out from a chroot applied to Mallory's account but not
Apache's, if I understand the interplay of symlinks and chroot
properly.)

This Mallory can do as follows, if e.g. he has a site under
mod_userdir. Mallory logs into his account and just types:

ln -s / /home/mallory/public_html/root

Now when Apache sees the symbolic link at
http://www.example.com/~mallory/root, it follows it to the root
directory, which it displays (if Options Indexes is also set). The
<Directory /> Deny from all directive doesn't deny access to Mallory
because presumably there is a <Directory /home/mallory/public_html>
Allow from all directive that makes Mallory's pages visible from the
internet in the first place, and even though the server follows the
symlink it does not change the pathname used to match against
<Directory> sections.

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
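
An added example, not part of the original message or of Apache's code: a Python audit that lists symlinks under a user's web directory whose real target lies outside it, plus a simplified model of the point made above, that `<Directory>` sections are matched against the requested pathname rather than the resolved one. The function names, the "most specific section wins" simplification and the sample tree are assumptions made for illustration.

```python
import os
import tempfile

def escaping_symlinks(web_root):
    """Return (link, resolved_target) for each symlink under web_root
    whose real target lies outside web_root."""
    root_real = os.path.realpath(web_root)
    found = []
    # followlinks=False: report links to directories but never descend into them
    for dirpath, dirnames, filenames in os.walk(web_root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if os.path.commonpath([root_real, target]) != root_real:
                found.append((path, target))
    return sorted(found)

def section_rule(sections, path):
    """Simplified model (assumption): the most specific section whose path
    is a lexical prefix of `path` decides; symlinks are NOT resolved."""
    path = os.path.normpath(path)
    hits = [d for d in sections if os.path.commonpath([d, path]) == d]
    return sections[max(hits, key=len)] if hits else None

if __name__ == "__main__":
    # Constructed sample tree standing in for /home/mallory/public_html
    base = os.path.realpath(tempfile.mkdtemp())
    web = os.path.join(base, "home", "mallory", "public_html")
    os.makedirs(web)
    os.symlink("/", os.path.join(web, "root"))
    for link, target in escaping_symlinks(web):
        print(f"escapes web root: {link} -> {target}")

    sections = {"/": "Deny from all",
                "/home/mallory/public_html": "Allow from all"}
    # Pathname as requested through the link: matched by the user's section
    print(section_rule(sections, "/home/mallory/public_html/root/etc"))
    # The same directory addressed by its real path: matched by <Directory />
    print(section_rule(sections, "/etc"))
```
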