Bugtraq: Re: Curious fileutils/coreutils behaviour.

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Curious fileutils/coreutils behaviour.

From: Martin <broadcast () mail ptraced net>
Date: Sat, 15 May 2004 15:52:02 -0300

SymLinksIfOwnerMatch
   The server will only follow symbolic links for which the target file
   or directory is owned by the same user id as the link.
   *Note*: this option gets ignored if set inside a <Location> section.

    From http://httpd.apache.org/docs/mod/core.html#options


Luciano Miguel Ferreira Rocha wrote:

On Fri, May 14, 2004 at 07:49:07PM +0100, David Malone wrote:

(*)Contrary to the FAQ entry you cited, it is sometimes useful to change the
ownership of a symlink.  Since the owner of a symlink can be detected by a
program, there can exist programs which depend on it.

Yes, indeed. As another example, Apache has an option to only follow
symlinks if they belong to the right person.


If the target belongs to the right person, not the symlink itself.

Regards,
Luciano Rocha

By Date By Thread

Current thread:

Re: Curious fileutils/coreutils behaviour., (continued)
- Re: Curious fileutils/coreutils behaviour. Nicolas Rachinsky (May 14)
- RE: Curious fileutils/coreutils behaviour. Michael Wojcik (May 14)
  - Re: Curious fileutils/coreutils behaviour. David Malone (May 14)
    - Re: Curious fileutils/coreutils behaviour. Michael Shigorin (May 15)
    - Re: Curious fileutils/coreutils behaviour. Luciano Miguel Ferreira Rocha (May 15)
    - Re: Curious fileutils/coreutils behaviour. Martin (May 15)