Hello list,

Now that Apache has the FollowSymLinks and SymLinksIfOwnerMatch options,
there's still a security issue. For example, someone can cp /etc/passwd
to his home directory (/home/foo/passwd) and create a symbolic link from
/home/foo/passwd to /var/www/hidden_dir/passwd. Since the owner matches,
it will still lead to exposure of the passwd file. Is there any way to avoid
this? I'd like to restrict symbolic links from linking across the
DocumentRoot. Any ideas?


-- 
Patrick Hsieh <[EMAIL PROTECTED]>

GPG public key http://pahud.net/pubkeys/pahudatezplay.gpg
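
An added example, not part of the original post: an audit that lists every symbolic link under a document root whose resolved target lies outside it, and reports whether link and target share an owner (the comparison SymLinksIfOwnerMatch makes). The function names and the constructed directory layout are assumptions made for illustration.

```python
import os
import tempfile


def escaping_symlinks(docroot):
    """Return (link, target, owner_match) for each symlink under docroot
    whose fully resolved target lies outside docroot."""
    root = os.path.realpath(docroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)  # resolves chained links too
            # commonpath avoids the prefix trap: /var/www2 is not inside /var/www
            if os.path.commonpath([root, target]) == root:
                continue
            try:
                # Same uid on link and target is what SymLinksIfOwnerMatch compares
                owner_match = os.lstat(link).st_uid == os.stat(target).st_uid
            except OSError:
                owner_match = False  # dangling link: no target to compare
            findings.append((link, target, owner_match))
    return sorted(findings)


def demo():
    """Constructed layout mirroring the post: a file in a home directory,
    linked from inside the document root, plus one harmless internal link."""
    base = os.path.realpath(tempfile.mkdtemp())
    docroot = os.path.join(base, "www")
    home = os.path.join(base, "home", "foo")
    os.makedirs(os.path.join(docroot, "hidden_dir"))
    os.makedirs(home)
    with open(os.path.join(home, "passwd"), "w") as fh:
        fh.write("constructed sample content\n")
    with open(os.path.join(docroot, "index.html"), "w") as fh:
        fh.write("ok\n")
    os.symlink(os.path.join(home, "passwd"),
               os.path.join(docroot, "hidden_dir", "passwd"))
    os.symlink(os.path.join(docroot, "index.html"),
               os.path.join(docroot, "home.html"))
    return docroot, escaping_symlinks(docroot)


if __name__ == "__main__":
    for link, target, owner_match in demo()[1]:
        print(link, "->", target, "owner matches:", owner_match)
```

A finding with a matching owner is the case the post describes: the link leaves the document root, yet an owner comparison alone would not reject it.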

