Possible security problem with apache2?
Hi,
I think there is a security problem with apache2 worker, I have disabled
followSymlinks in apache, it works as excepted, but when the symbolic
link name is index.html or whatever the DirectoryIndex says, I can
follow the symbolic link wherever it goes, for example:
ln -s /etc/passwd /var/www/index.html
Would show passwd contents, the thing is that only works if I don't
specify the index file, for example http://example.org would follow the
symbolic link but http://example.org/index.html not (as expected).
Thanks in advance
Carlos.
Reply to: