Bug#588231: apache2: Haphazard permission check on symlinks (might be a Linux bug)

To: eddy@opera.com
Cc: 588231@bugs.debian.org
Subject: Bug#588231: apache2: Haphazard permission check on symlinks (might be a Linux bug)
From: Stefan Fritsch <sf@sfritsch.de>
Date: Thu, 8 Jul 2010 23:35:44 +0200
Message-id: <[🔎] 201007082335.45210.sf@sfritsch.de>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 588231@bugs.debian.org
In-reply-to: <[🔎] 20100706095650.23379.87599.reportbug@whorl>
References: <[🔎] 20100706095650.23379.87599.reportbug@whorl>

On Tuesday 06 July 2010, Edward Welbourne wrote:
> The web-server succeeded
> in displaying the contents *usually*, but one of my colleagues
> noticed that, on reload, he got 403'd.
> 
> The fact that this (mostly) worked at all suggests that apache is
> sometimes accessing content as root, instead of as the unprivileged
> user www-data.  The problem might be that Linux (the underlying
> O/S) is being flaky about enforcing permissions.

It sounds much more likely that a browser or proxy server was caching 
the pages. When reloading, apache gave the 403. Can you rule that out?

Reply to:

Follow-Ups:
- Bug#588231: apache2: Haphazard permission check on symlinks (might be a Linux bug)
  - From: Edward Welbourne <eddy@opera.com>

References:
- Bug#588231: apache2: Haphazard permission check on symlinks (might be a Linux bug)
  - From: Edward Welbourne <eddy@opera.com>

Prev by Date: Bug#588231: apache2: Haphazard permission check on symlinks (might be a Linux bug)
Next by Date: Bug#588231: apache2: Haphazard permission check on symlinks (might be a Linux bug)
Previous by thread: Bug#588231: apache2: Haphazard permission check on symlinks (might be a Linux bug)
Next by thread: Bug#588231: apache2: Haphazard permission check on symlinks (might be a Linux bug)
Index(es):
- Date
- Thread