Last month I had a problem where SSI appeared to be ignoring the SymlinkIfOwnerMatch configuration directive. I opened a bug, and eventually discovered what appears to be a problem in the ap_directory_walk function, where reusing cached directory information bypasses the symbolic link check. I think this is a security issue, not a critical one by any means, but still a security bug. I would appreciate it if any interested parties could possibly look at my bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=45959 and provide some feedback on this problem and how it might be resolved. For now, I'm tentatively considering simply bypassing the cache check, which results in correct behavior and I don't think would be particularly costly in terms of resources. Thanks... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | henson@xxxxxxxxxxxxx California State Polytechnic University | Pomona CA 91768 --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|