12 Dec 2008 22:22
Re: v. 2.2 Documentation errors? (in mod/core.html#options and misc/security_tips.html#protectserverfiles)
Eric Covener <covener <at> gmail.com>
2008-12-12 21:22:37 GMT
2008-12-12 21:22:37 GMT
On Fri, Dec 12, 2008 at 5:26 AM, Christopher Drost <chris.drostie <at> gmail.com> wrote: >> >> How do you get out from under / with a symlink? >> > > I don't understand the question. You don't "get out from under" the > global root directory -- I'm not suggesting a break on chroot or > something like that. You do get out from under the DocumentRoot. (You > might even get out from a chroot applied to Mallory's account but not > Apache's, if I understand the interplay of symlinks and chroot > properly.) > > This Mallory can do as follows, if e.g. he has a site under > mod_userdir. Mallory logs into his account and just types: > > ln -s / /home/mallory/public_html/root You said <Directory />, which is not the document root or something relative to a users home directory.. It's the root of the filesystem. -- -- Eric Covener covener <at> gmail.com
RSS Feed