Public bug reported:

$ (end-of-line anchor) seems to break regular expressions with the
Directory config directive.

The $ is not being treated literally, but it is not ignored either.  If
present, it seems to completely prevent matching.

Steps to demonstrate:
1. Create the following test files in your tree (e.g. under /var/www/somewhere):

       echo "should be protected" > foo.BAK
       mkdir dir.BAK
       echo "should be protected" >dir.BAK/file
       echo "should be readable" > french.BAKERY

2.  Add to /etc/apache2/apache2.conf:

# This is intended to prevent access to any *.BAK (or contents, if directory)
# Note: We are using a regular expression, not wildcard syntax, and there is
# no initial ^ anchor.   Therefore it should match at the tail of any path.
<Directory ~ "\.BAK$">
    Order allow,deny
    Deny from all
    Satisfy all
</Directory>

3. sudo /etc/init.d/apache2 restart

4. Try to access the files.
wget -O- http://localhost/somewhere/foo.BAK    # should get permission denied, but succeeds
wget -O- http://localhost/somewhere/dir.BAK/file   # should get permission denied, but succeeds
wget -O- http://localhost/somewhere/french.BAKERY  # succeeds
wget -O- http://localhost/somewhere/'foo.BAK$'   #  fails, proving the $ does not match literally

5.  Remove the trailing "$" from the Directory ~ regex in apache2.conf,
and restart the server

6. Test again:
wget -O- http://localhost/somewhere/foo.BAK    # permission denied as expected
wget -O- http://localhost/somewhere/dir.BAK/file   # permission denied as expected
wget -O- http://localhost/somewhere/french.BAKERY  # should succeed, but FAILS (because the regexp is not anchored at the end)

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: apache2 2.2.20-1ubuntu1.2
ProcVersionSignature: Ubuntu 3.0.0-16.28-generic 3.0.17
Uname: Linux 3.0.0-16-generic x86_64
NonfreeKernelModules: fglrx
Apache2ConfdDirListing: ['other-vhosts-access-log', 'localized-error-pages', 'security', 'charset']
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
Date: Mon Mar  5 21:08:07 2012
InstallationMedia: Xubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: apache2
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.apache2.apache2.conf: [modified]
mtime.conffile..etc.apache2.apache2.conf: 2012-03-05T21:07:48.481293

** Affects: apache2 (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug oneiric

https://bugs.launchpad.net/bugs/947744

Title:
  $ anchor doesn't work in Directory ~ regexp
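
The expectation stated in the report, modelled as an added example (not part of the original bug report and not Apache's matching code): it assumes an unanchored regex search applied to the request path and to each ancestor directory, and compares that with the outcomes the reporter lists in steps 4 and 6. The paths are constructed to mirror the report's test URLs, and the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed paths mirroring the report's test URLs.
FOO = "/somewhere/foo.BAK"
DIR_FILE = "/somewhere/dir.BAK/file"
BAKERY = "/somewhere/french.BAKERY"

# Outcomes listed in the report (True = access denied).
OBSERVED = {
    r"\.BAK$": {FOO: False, DIR_FILE: False, BAKERY: False},  # step 4
    r"\.BAK": {FOO: True, DIR_FILE: True, BAKERY: True},      # step 6
}


def intended_deny(pattern, path):
    """Model of the report's intent (an assumption, not Apache's code):
    deny when the unanchored regex matches the path itself or any
    ancestor directory, so that contents of dir.BAK are covered too."""
    rx = re.compile(pattern)
    p = PurePosixPath(path)
    candidates = [str(p)] + [str(parent) for parent in p.parents]
    return any(rx.search(c) for c in candidates)


def mismatches(pattern):
    """Paths where the reported outcome differs from the modelled intent."""
    return [
        path
        for path, denied in OBSERVED[pattern].items()
        if denied != intended_deny(pattern, path)
    ]


if __name__ == "__main__":
    for pattern in OBSERVED:
        print(f"pattern {pattern!r}")
        for path, denied in OBSERVED[pattern].items():
            want = intended_deny(pattern, path)
            flag = "ok" if want == denied else "MISMATCH"
            print(f"  {path:28} intended_deny={want!s:5} observed_deny={denied!s:5} {flag}")
```

In this model the unanchored pattern agrees with every reported outcome, including the unwanted denial of french.BAKERY, while the `$`-anchored pattern disagrees on foo.BAK and dir.BAK/file.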
