On 06/13/2007 05:30 AM, Allen Pulsifer wrote:
mod_rewrite.c lines 4461 to 4468 currently read:
    if (!(ap_allow_options(r) & (OPT_SYM_LINKS | OPT_SYM_OWNER))) {
        /* FollowSymLinks is mandatory! */
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
Options
Hm. This looks wrong to me. We should only allow RewriteRules
in the directory context if OPT_SYM_LINKS is set since we do
not do any check on the result of a RewriteRule with respect
to symlinks. So we cannot be sure that the result of the
RewriteRule fulfils the conditions promised by
Reading resolve_symlink() in server/request.c, it first checks
OPT_SYM_LINKS. If OPT_SYM_LINKS is set, it never does the checks for link
ownership. It checks link ownership only when OPT_SYM_OWNER is set and
OPT_SYM_LINKS is unset.
Based on this logic, the following changes should be made to