You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Brian Behlendorf <br...@hyperreal.org> on 1997/07/21 09:02:43 UTC

PR#722 - "symlinksifownerorrootmatch"

Ugh.  I am tempted to say we're not interested in working around 
big glaring bugs in Sun's "ufsrestore" program.  Also, he seems to
misunderstand that the "owner" in the "symlinksifownermatch" is the
owner of the target, not the owner of the symlink itself.  Mind if I reply
with a "sorry" message?

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Why not?" - TL           brian@organic.com - hyperreal.org - apache.org

Re: PR#722 - "symlinksifownerorrootmatch"

Posted by Marc Slemko <ma...@worldgate.com>.

There is more to it than that.  Under Solaris, changing the owner of the
link (not the file it points to, but the link) _does_ cause Apache to deny
access.  Haven't looked at the code.  Hmm.  Oh, that sucks.  Does Apache
check if the owner of the link matches the owner of where it is linked to?

As what was going to be an aside, on some systems symlinks don't even have
owners but just take the ownership and permissions of the file they point
to.  Always fun to create symlinks you can't remove.  More importantly in
this case, seems to me like Apache may allow you to symlink anywhere
because the owners will always match.

On Mon, 21 Jul 1997, Brian Behlendorf wrote:

> Ugh.  I am tempted to say we're not interested in working around 
> big glaring bugs in Sun's "ufsrestore" program.  Also, he seems to
> misunderstand that the "owner" in the "symlinksifownermatch" is the
> owner of the target, not the owner of the symlink itself.  Mind if I reply
> with a "sorry" message?
> 
> 	Brian
> 
> 
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> "Why not?" - TL           brian@organic.com - hyperreal.org - apache.org
>

Re: PR#722 - "symlinksifownerorrootmatch"

Posted by Dean Gaudet <dg...@arctic.org>.

It's not just solaris that has this behaviour.  It's any unix whose
chown() follows symlinks.  I believe this includes most of the SysVr4
derivates... dunno about BSD.  It isn't a problem on linux. 

But yeah let's not add it. 

Dean

On Mon, 21 Jul 1997, Brian Behlendorf wrote:

> Ugh.  I am tempted to say we're not interested in working around 
> big glaring bugs in Sun's "ufsrestore" program.  Also, he seems to
> misunderstand that the "owner" in the "symlinksifownermatch" is the
> owner of the target, not the owner of the symlink itself.  Mind if I reply
> with a "sorry" message?
> 
> 	Brian
> 
> 
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> "Why not?" - TL           brian@organic.com - hyperreal.org - apache.org
>