From: Joshua Slive <slive@apache.org>
Date: Thu, 23 Aug 2007 14:04:27 +0000 (+0000)
Subject: Correct a common misconception: symlink restrictions
X-Git-Tag: 2.3.0~1558
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b8a5e9d456964f2aacb82369e85ad6d8426ae2f;p=thirdparty%2Fapache%2Fhttpd.git

Correct a common misconception: symlink restrictions
are policy restrictions, not security restrictions.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@569000 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
index 42165a5f8c6..efe2bc5aae8 100644
--- a/docs/manual/mod/core.html.en
+++ b/docs/manual/mod/core.html.en
@@ -2217,6 +2217,9 @@ directory</td></tr>
       <p>Note also, that this option <strong>gets ignored</strong> if set
       inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code>
       section.</p>
+      <p>Omitting this option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p>
       </div></dd>
 
       <dt><code>Includes</code></dt>
@@ -2257,8 +2260,11 @@ directory</td></tr>
       target file or directory is owned by the same user id as the
       link.
 
-      <div class="note"><h3>Note</h3> This option gets ignored if
-      set inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code> section.</div>
+      <div class="note"><h3>Note</h3> <p>This option gets ignored if
+      set inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code> section.</p>
+      <p>This option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p></div>
       </dd>
     </dl>
 
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index b0a89146193..c623b7a8643 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -2214,6 +2214,9 @@ directory</description>
       <p>Note also, that this option <strong>gets ignored</strong> if set
       inside a <directive type="section" module="core">Location</directive>
       section.</p>
+      <p>Omitting this option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p>
       </note></dd>
 
       <dt><code>Includes</code></dt>
@@ -2254,9 +2257,12 @@ directory</description>
       target file or directory is owned by the same user id as the
       link.
 
-      <note><title>Note</title> This option gets ignored if
+      <note><title>Note</title> <p>This option gets ignored if
       set inside a <directive module="core"
-      type="section">Location</directive> section.</note>
+      type="section">Location</directive> section.</p>
+      <p>This option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p></note>
       </dd>
     </dl>