Possible security problem with apache2?


I think there is a security problem with the apache2 worker. I have disabled FollowSymLinks in Apache and it works as expected, but when the symbolic link name is index.html, or whatever the DirectoryIndex says, I can follow the symbolic link wherever it goes. For example:

ln -s /etc/passwd /var/www/index.html

This would show the contents of passwd. The thing is that it only works if I don't specify the index file: for example, http://example.org would follow the symbolic link, but http://example.org/index.html would not (as expected).

Thanks in advance
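
A defensive check for the behaviour described in the question, added here as an example and not part of the original post: it walks a document root and reports symlinks named like a DirectoryIndex entry, flagging those whose target resolves outside the root. The function names, the index name list and the temporary demo tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: the DirectoryIndex names in use; take the real list from your config.
INDEX_NAMES = ("index.html",)


def find_index_symlinks(docroot, index_names=INDEX_NAMES):
    """List symlinks under docroot that are named like a DirectoryIndex entry.

    Returns sorted (link_path, resolved_target, escapes_docroot) tuples.
    """
    root = os.path.realpath(docroot)
    findings = []
    # followlinks=False: never descend through a symlinked directory.
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if name not in index_names or not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # resolves every hop of a chain
            escapes = os.path.commonpath([root, target]) != root
            findings.append((path, target, escapes))
    return sorted(findings)


def build_demo_docroot():
    """Constructed sample tree: one index link leaving the root, one staying inside."""
    base = tempfile.mkdtemp(prefix="index-symlink-demo-")
    docroot = os.path.join(base, "www")
    os.makedirs(os.path.join(docroot, "sub"))
    outside = os.path.join(base, "outside.txt")  # stands in for a file outside the site
    for regular in (outside, os.path.join(docroot, "sub", "page.html")):
        with open(regular, "w") as fh:
            fh.write("sample\n")
    os.symlink(outside, os.path.join(docroot, "index.html"))
    os.symlink("page.html", os.path.join(docroot, "sub", "index.html"))
    os.symlink(outside, os.path.join(docroot, "other.html"))  # not an index name
    return docroot


if __name__ == "__main__":
    for link, target, escapes in find_index_symlinks(build_demo_docroot()):
        print("OUTSIDE" if escapes else "inside ", link, "->", target)
```

Run against a real document root, any line marked OUTSIDE is a link worth reviewing regardless of how the server's symlink options are set.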


