Bug 52683 - add a symlink option that rechecks the access permission with the resolved symlink
Summary: add a symlink option that rechecks the access permission with the resolved sy...
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: Core (show other bugs)
Version: 2.5-HEAD
Hardware: All All
: P2 enhancement (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Depends on:
Reported: 2012-02-16 15:50 UTC by Christoph Anton Mitterer
Modified: 2012-02-16 15:50 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Christoph Anton Mitterer 2012-02-16 15:50:56 UTC

The Options directive provides currently two parameters to allow following symbolic links.
Both are rather dangerous in that the (more or less) just allow the access, without checking any <Directory>/<File> (+ their regexp variants) blocks again.

So even if I have
<Diretory />
  Order allow, deny
  Deny from all

Access to e.g. /etc/shadow is granted if there's a directory the contains a symlink to this and hast symlinks allowed.

Now one can always argue, that it's the users fault if such things happens, but even the sysadmin can accidentally create symlinks that endanger somehow security and he doesn't notice this immediately.

As this is a long years deficiency of Apache I suggest adding a third symlink argument to the Options directive, which enables followin symlinks, but first resolves them (i.e. what readlink -f does) and checks the resulting file against all access directives.

As this is probably slower, that other two options deserve to stay in place, for those who are happy enough with them.