Re: [htdig] Suse 6.2 + htdig 3.1.5


Subject: Re: [htdig] Suse 6.2 + htdig 3.1.5
From: Albert Lunde (Albert-Lunde@northwestern.edu)
Date: Tue May 02 2000 - 14:28:57 PDT


> what Apache would give for the parent directory, but even if that did
> point outside of the DocumentRoot, Apache should never serve a document
> that's out of bounds. If it does, this seems to suggest a serious
> hole.

Apache will serve up documents outside the document root via
symbolic links if you have configured it to follow symbolic
links and not followed their advice to deny access to
all files by default.

This is a security issue but I think it is addressed in the
documentation to some extent:

http://www.apache.org/docs/misc/security_tips.html

--
    Albert Lunde          Albert-Lunde@northwestern.edu (new address)
                          Albert-Lunde@nwu.edu (old address)




This archive was generated by hypermail 2b28 : Tue May 02 2000 - 12:15:49 PDT