Hi,
I think there is a security problem with apache2 worker, I have disabled
followSymlinks in apache, it works as excepted, but when the symbolic
link name is index.html or whatever the DirectoryIndex says, I can
follow the symbolic link wherever it goes, for example:
ln -s /etc/passwd /var/www/index.html
Would show passwd contents, the thing is that only works if I don't
specify the index file, for example
http://example.org would follow the
symbolic link but
http://example.org/index.html not (as expected).
Thanks in advance
Carlos.
--
To UNSUBSCRIBE, email to
debian-isp-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact
listmaster@...
