httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Gifford <sgiff...@suspectclass.com>
Subject Re: [users@httpd] Re: Apache Security Problem
Date Fri, 30 May 2008 14:50:25 GMT
Andre Hübner <andre.huebner@gmx.de> writes:

> Hi,
>
>>> You can do restrictions of particular options using the technique
>>> shown her=
>>>e:
>>>http://httpd.apache.org/docs/2.2/howto/htaccess.html#how
>
>>>But I have a feeling that there are other ways around your separation.
>>>It depends on exactly the details of how you are running your scripts.
>
>>> Joshua.
>
> I only can repeat. The way how to create the symlink is
> irrelevant. With Scriptingtechniques no reading of the files of other
> user is possible. (openbasedir/permission denied etc.) 

On most Apache configurations, a script written by any user can read
any files that Apache can read.  It runs as the Apache user (usually
apache or httpd), and can read any files accessible to that user.

If you're running something like suEXEC, though, you're right that the
symlinks will be accessed with a different user than scripts, and
could provide access to files they would not otherwise have access to.
Hopefully one of the other suggestions in this thread has allowed you
to restrict symlink following without breaking your .htaccess files.

Good luck!

-----Scott.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message