The following reply was made to PR general/1402; it has been noted by GNATS.
From: Dean Gaudet <[EMAIL PROTECTED]> To: Stig <[EMAIL PROTECTED]> Cc: [EMAIL PROTECTED] Subject: Re: general/1402: Relative Symlinks are handled improperly Date: Thu, 13 Nov 1997 21:08:19 -0800 (PST) [What, is this the week where everyone who submits bugs has to do so in a derogatory manner? It's sure nice to feel appreciated. Not. I apologize in advance if your message was jovial and I didn't catch the joke.] I cannot reproduct this bug: cd apachen echo hi >ick.txt cd htdocs ln -s ../ick.txt cd ../conf echo "Alias /whatever /home/dgaudet/ap/apachen/htdocs" start server telnet to server and GET /whatever/ick.txt HTTP/1.0. It succeeds. Apache doesn't ever read a symlink. It uses lstat() to find them, but that's all it does with them. So it's really hard for me to imagine this bug existing. In no event does Apache handle symlinks manually. You're invited to read directory_walk() in http_request.c if you want to see it yourself. On 12 Nov 1997, Stig wrote: > PS: I concur with bug 922. Symlinks owned by root should always be > respected, regardless of SymLinksIfOwnerMatch. That's a nice opinion. Are you aware that there are systems, which are POSIX compliant, on which the owner of a symlink is absolutely irrelevant? For example, on said systems, to create a symlink with a particular owner you must setuid(owner) first. On said systems, if a user directory is restored from backup, or copied from one filesystem to another, then all symlinks in that user's directory will be owned by root. We have no desire to figure out which systems behave like that. So SymLinksIfOwnerMatch won't be changing to cater to the systems which do allow chown()ing of symlinks. > Symlinks should be expanded in the filesystem pathname and not the URL. As I said earlier, they're never expanded. We'd have to use readlink() to do that, I challenge you to find a call to readlink() in Apache. > To continue on a related nit... > It disturbs me that apache does not provide chmod-like behavior wrt symlinks. > The expanded name should then be checked against Directory directives to > determine if > access is permitted. If you want this to change then submit a feature request. As documented Apache does not do this. Symlinks are never expanded. If you want a personal opinion, I'll give you mine: relying on symlink protection in Apache is a bad idea. The only real solution is a chroot() cage. Dean
