Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/06/23 03:14:50 UTC
[PATCH] PR#353: symlink permission problem
In directory_walk it says that the permissions of the parent determine if
a symlink is acceptable. It implements that during the main loop, but
then just outside the main loop is one more symlink test. The latter is
required for /dir/file to handle the case where file is a symlink. But in
the case /dir/symdir where symdir is a symlink to a directory it has, in
my opinion, a bug -- it will read /dir/symdir/.htaccess and use the
permissions defined there to check if symdir is acceptable.

Consider:

    cd apache/htdocs
    echo Options -FollowSymLinks >manual/.htaccess
    ln -s manual symdir

Then access /symdir (or /symdir/) and you'll get a 403. But accessing
/symdir/index.html you will get a 200.

The following small patch fixes this. But it's one of those
head-scratcher "is this really right? does this open a security hole?"
things. So please review carefully.

I think there are other related PRs but couldn't find them.

Dean

Index: http_request.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_request.c,v
retrieving revision 1.51
diff -c -3 -r1.51 http_request.c
*** http_request.c 1997/06/15 19:22:27 1.51
--- http_request.c 1997/06/23 00:36:14
***************
*** 399,406 ****
r->per_dir_config = per_dir_defaults;
! if ((res = check_symlinks (r->filename, allow_options(r))))
! {
log_reason("Symbolic link not allowed", r->filename, r);
return res;
}
--- 399,414 ----
r->per_dir_config = per_dir_defaults;
! /* Symlink permissions are determined by the parent. If the request is for
! * a directory then applying the symlink test here would use the
! * permissions of the directory as opposed to its parent. Consider a
! * symlink pointing to a dir with a .htaccess disallowing symlinks. If you
! * access /symlink (or /symlink/) you would get a 403 without this S_ISDIR
! * test. But if you accessed /symlink/index.html, for example, you would
! * *not* get the 403.
! */
! if (!S_ISDIR (r->finfo.st_mode)
! && (res = check_symlinks (r->filename, allow_options(r)))) {
log_reason("Symbolic link not allowed", r->filename, r);
return res;
}
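
Review bot: The new condition "if (!S_ISDIR (r->finfo.st_mode) && (res = check_symlinks (...)))" skips the symlink test for every request that resolves to a directory, and nothing in this hunk shows that a final path component which is itself a symlink to a directory is still checked against its parent's options. The added comment says symlink permissions are determined by the parent, but not where that check is made for the /symlink case. If the main loop does not cover the last component, a parent with Options -FollowSymLinks would stop producing a 403 for /symlink. Suggest naming in the comment the code that performs the parent-options check for a directory target, and testing both configurations before commit: with the parent forbidding symlinks (expect 403 for /symlink and for /symlink/index.html), and with only the target's .htaccess forbidding them (expect /symlink and /symlink/index.html to give the same result).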