httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Neelay Shah <asknee...@yahoo.com>
Subject Re: [users@httpd] Securing Apache configuration
Date Thu, 11 Aug 2005 21:44:48 GMT

So, if one of the users in his home directory creates
a hard link to C:/ there is no way I could configure
the web server to avoid following that hard
link..following the link would display the contents of
the "C:/"

Neelay

--- "William A. Rowe, Jr." <wrowe@rowe-clan.net>
wrote:

> Neelay Shah wrote:
> > 2. Is there a way for me to configure apache so as
> to
> > disable showing/following hard links...
> 
> Look at your operating system and prevent them from
> existing.
> 
> A hard link is exactly what it says it is; once one
> is created between
> the directory /foo and the directory /bar, there is
> no distinguishing
> foo and bar.  They are idential entries pointing to
> the same mapping
> in your file system.
> 
> Ain't nothing Apache or any other app can do about
> it once you allow
> them to be created; this is why hardlinking is
> protected on most
> modern operating systems.
> 
> Bill
> 
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
>    "   from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
> 
> 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message