Last month I had a problem where SSI appeared to be ignoring the
SymlinkIfOwnerMatch configuration directive. I opened a bug, and eventually
discovered what appears to be a problem in the ap_directory_walk function,
where reusing cached directory information bypasses the symbolic link
check.
I think this is a security issue, not a critical one by any means, but
still a security bug. I would appreciate it if any interested parties could
possibly look at my bug:
https://issues.apache.org/bugzilla/show_bug.cgi?id=45959
and provide some feedback on this problem and how it might be resolved. For
now, I'm tentatively considering simply bypassing the cache check, which
results in correct behavior and I don't think would be particularly costly
in terms of resources.
Thanks...
--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | [EMAIL PROTECTED]
California State Polytechnic University | Pomona CA 91768
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
