> > How do you get out from under / with a symlink? > I don't understand the question. You don't "get out from under" the global root directory -- I'm not suggesting a break on chroot or something like that. You do get out from under the DocumentRoot. (You might even get out from a chroot applied to Mallory's account but not Apache's, if I understand the interplay of symlinks and chroot properly.)
This Mallory can do as follows, if e.g. he has a site under mod_userdir. Mallory logs into his account and just types: ln -s / /home/mallory/public_html/root Now when Apache sees the symbolic link at http://www.example.com/~mallory/root, it follows it to the root directory, which it displays (if Options Indexes is also set). The <Directory /> Deny from all directive doesn't deny access to Mallory because presumably there is a <Directory /home/mallory/public_html> Allow from all directive that makes Mallory's pages visible from the internet in the first place, and even though the server follows the symlink it does not change the pathname used to match against <Directory> sections. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
