From: Joshua Slive <slive@apache.org>
Date: Thu, 23 Aug 2007 14:50:26 +0000 (+0000)
Subject: Merge r569000 from trunk:
X-Git-Tag: 2.2.6~135
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=deb6479bfccd353fea43b531386b4644b073f213;p=thirdparty%2Fapache%2Fhttpd.git

Merge r569000 from trunk:

Correct a common misconception: symlink restrictions
are policy restrictions, not security restrictions.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@569020 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
index 60020d1506b..1a3441a5669 100644
--- a/docs/manual/mod/core.html.en
+++ b/docs/manual/mod/core.html.en
@@ -2280,6 +2280,9 @@ directory</td></tr>
       <p>Note also, that this option <strong>gets ignored</strong> if set
       inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code>
       section.</p>
+      <p>Omitting this option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p>
       </div></dd>
 
       <dt><code>Includes</code></dt>
@@ -2320,8 +2323,11 @@ directory</td></tr>
       target file or directory is owned by the same user id as the
       link.
 
-      <div class="note"><h3>Note</h3> This option gets ignored if
-      set inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code> section.</div>
+      <div class="note"><h3>Note</h3> <p>This option gets ignored if
+      set inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code> section.</p>
+      <p>This option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p></div>
       </dd>
     </dl>
 
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index 52c3f19b18c..ce2698d3bdd 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -2273,6 +2273,9 @@ directory</description>
       <p>Note also, that this option <strong>gets ignored</strong> if set
       inside a <directive type="section" module="core">Location</directive>
       section.</p>
+      <p>Omitting this option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p>
       </note></dd>
 
       <dt><code>Includes</code></dt>
@@ -2313,9 +2316,12 @@ directory</description>
       target file or directory is owned by the same user id as the
       link.
 
-      <note><title>Note</title> This option gets ignored if
+      <note><title>Note</title> <p>This option gets ignored if
       set inside a <directive module="core"
-      type="section">Location</directive> section.</note>
+      type="section">Location</directive> section.</p>
+      <p>This option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p></note>
       </dd>
     </dl>