www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s...@hackvan.com
Subject Re: general/1402: Relative Symlinks are handled improperly
Date Fri, 14 Nov 1997 10:10:01 GMT
The following reply was made to PR general/1402; it has been noted by GNATS.

From: stig@hackvan.com
To: Dean Gaudet <dgaudet@arctic.org>
Cc: apbugs@hyperreal.org
Subject: Re: general/1402: Relative Symlinks are handled improperly
Date: 14 Nov 1997 08:49:42 -0000

 Dean Gaudet wrote:
 > 
 > > I was really tired and really cranky.  My hand was hurting.  You're right.
 > > I hate bug reports like that too.  Especially they're misinterpretations of
 > > the problem.
 > 
 > No problem, I apologize too for the curtness of my reply.
 > 
 > > As some penance, I got your address from internic and just wrote you a
 > > personal check.  Expect it next week.  Sorry again...what else can I say?
 > > And thank you.
 > 
 > That's not necessary I assure you!
 
 Doesn't matter.  It's consistent with my view of how the world ought to
 work and how people ought to behave...not necessarily by making everything a
 financial transaction, but by saying "thank you" in some tangible way.  
 
 Spread the meme.
 
 
 > SymLinksIfOwnerMatch works until you copy a users directory as described
 > ... but a malicious user could have done "ln -s / hahaha" and it would
 > become a hole after a restore or home directory movement.  So if we treat
 > root specially we open this subtle attack.
 
 ok, thanks for explaining it.  Did I mention that I hate it when bug
 compatibility interferes with otherwise sensible design decisions?
 I really do.
 
 
 
 > > > If you want this to change then submit a feature request.  As documented
 > > > Apache does not do this.  Symlinks are never expanded.  If you want a
 > > > personal opinion, I'll give you mine:  relying on symlink protection in
 > > > Apache is a bad idea.  The only real solution is a chroot() cage.
 > > 
 > > You're right.  That's better.
 > 
 > I'm working on another security model for Apache ... I'm trying to figure
 > out another solution to this problem.  But I'm too busy lately to get
 > anywhere on the work.  chroot() should be easier in the model;  including
 > chroot() compartments for CGI users.  I'll announce it when I've got
 > something to show. 
 
 Oooooooooooooooooh!  Baited breath, etc...
 
     Stig 

Mime
View raw message