From docs-return-8486-apmail-httpd-docs-archive=httpd.apache.org@httpd.apache.org Fri Dec 12 21:23:02 2008 Return-Path: Delivered-To: apmail-httpd-docs-archive@www.apache.org Received: (qmail 60122 invoked from network); 12 Dec 2008 21:23:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 12 Dec 2008 21:23:01 -0000 Received: (qmail 21707 invoked by uid 500); 12 Dec 2008 21:23:13 -0000 Delivered-To: apmail-httpd-docs-archive@httpd.apache.org Received: (qmail 21675 invoked by uid 500); 12 Dec 2008 21:23:13 -0000 Mailing-List: contact docs-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: docs@httpd.apache.org List-Id: Delivered-To: mailing list docs@httpd.apache.org Received: (qmail 21666 invoked by uid 99); 12 Dec 2008 21:23:13 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Dec 2008 13:23:13 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of covener@gmail.com designates 209.85.217.16 as permitted sender) Received: from [209.85.217.16] (HELO mail-gx0-f16.google.com) (209.85.217.16) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Dec 2008 21:22:59 +0000 Received: by gxk9 with SMTP id 9so1844915gxk.0 for ; Fri, 12 Dec 2008 13:22:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=SEs2kKTu7n57yEo85skmU6m/4SuXfi/IR9SmI//v0Ws=; b=hArJaNKFLtb5ANz/OHwGjRj5yqe0eTy8S2OvL03rQ+QXHztMSEJMizNax3Xs4eHvpS PbTfbqdcRNtpEsBZxFnysUnWQjamNQaJp65FoY1fKliWwaRxVCkQOyYkF5bV/OuoWGac rc5o/OD0Cr6w9x6FQFWNRll3FuWH6tpLmpERU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=g/HWTdqNbSbInQ6Mq0zohHAUk2El+aaXGrx2yv5Q7ybRLuVmtiJ7z+mE0t/BmTfhFj IyXOHHyxa4rBsIWZo+dbrHFtGqt6a4t+t2gVVKDNFm7qXHgs6W6Fuy8QpHrxNm5UVjI/ LuOUS9chilt/13j+aV3pjpOj0rYMO0o+AQwRc= Received: by 10.151.48.20 with SMTP id a20mr7103944ybk.42.1229116957843; Fri, 12 Dec 2008 13:22:37 -0800 (PST) Received: by 10.150.185.17 with HTTP; Fri, 12 Dec 2008 13:22:37 -0800 (PST) Message-ID: <1404e5910812121322v406225b0u47f0662d336b28d8@mail.gmail.com> Date: Fri, 12 Dec 2008 16:22:37 -0500 From: "Eric Covener" To: docs@httpd.apache.org Subject: Re: v. 2.2 Documentation errors? (in mod/core.html#options and misc/security_tips.html#protectserverfiles) In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <1404e5910812111529k59673344i7de447f0c1f4b7fc@mail.gmail.com> X-Virus-Checked: Checked by ClamAV on apache.org On Fri, Dec 12, 2008 at 5:26 AM, Christopher Drost wrote: >> >> How do you get out from under / with a symlink? >> > > I don't understand the question. You don't "get out from under" the > global root directory -- I'm not suggesting a break on chroot or > something like that. You do get out from under the DocumentRoot. (You > might even get out from a chroot applied to Mallory's account but not > Apache's, if I understand the interplay of symlinks and chroot > properly.) > > This Mallory can do as follows, if e.g. he has a site under > mod_userdir. Mallory logs into his account and just types: > > ln -s / /home/mallory/public_html/root You said , which is not the document root or something relative to a users home directory.. It's the root of the filesystem. -- Eric Covener covener@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org For additional commands, e-mail: docs-help@httpd.apache.org