Home page logo
/

bugtraq logo Bugtraq mailing list archives

httpd symlinks, was Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995
From: martinh () paston co uk (Martin Hargreaves)
Date: Sat, 2 Sep 1995 14:37:17 +0100


Panzer (panzer () dhp com) wrote:

OB BugTraq, does a user making a "~/public_html/root_dir -> /" link do
what you think it does on your web server?  Maybe this isn't a hot
idea...  Even worse if you nfs mount users pages via a web server that
does other tasks also...

I think this list went through over this problem a few months ago, the
consensus being that if you don't trust your users then this is one of many
ways that they can compromise your system. I believe that with NCSA httpd
(at least on 1.3) that you need

<Directory /*/public_html*>
AllowOverride None
Options Indexes FollowSymLinks
</Directory>

For the problem to work. Of course if you run httpd as root you are in
serious trouble by this time as you have given away at least your shadow
password file...

Try adding this to "access.conf" on apache 0.8.11 or ncsa 1.4 (not sure
about how CERN handles this).  "SymLinksIfOwnerMatch" is only vaguely
documented.

<Directory /*/public_html*>
AllowOverride None
Options Indexes SymLinksIfOwnerMatch
</Directory>

I haven't seen apache or versions of NCSA httpd higher than 1.3 so I don't
know about SymLinksIfOwnerMatch. The fix last time we did this was to not
include FollowSymLinks. There is apparently an analogous directive for the
CERN httpd.

        Regards,

                Martin.
########################################################################
#  Martin Hargreaves                Contract Unix System Administrator #
# (martinh () paston co uk)                  Unix & Network Security, WWW #
#                                              Computational Chemistry #
########################################################################



  By Date           By Thread  

Current thread:
  • httpd symlinks, was Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995 Martin Hargreaves (Sep 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault