Symbol Links amongst Apache's served files, is this a security-don't?
Post 302394215 by jzacsh on Wednesday 10th of February 2010 07:01:24 PM

I read somewhere that you should make sure Apache is configured to not allow symbolic links to be followed outside the webroot, as this can compromise security.

I can imagine how this could lead to a security risk:
e.g.: I link to a folder I know is safe (has no other links inside of it):

    $ ls -lF /etc/www
    blog/
    content/
    compStuff -> /home/me/web_stuff/

    $ ls -lF /home/me/web_stuff/
    ascii_file1
    ascii_file2

So, because there are no links sitting in /home/me/web_stuff/ I think, "there's no chance the public might end up wandering any further outside the web root than they already have...". The bottom line is really that this is simply bad practice, because over time I may naturally forget that this web_stuff directory is exposed and in turn end up placing symbolic links inside /home/me/web_stuff/
  1. Is my assumption correct? -- Is it nothing more than: "it's just bad practice, because it leaves you open to make such above ^ mistakes"? Or is it more technically complicated and truly a direct security threat?
  2. Are all symbolic links bad news inside of Apache served spaces? Eg. what about symbolic links linking to another directory within the web root?
  3. I like symbolic links -- this would be a pain to have to avoid!
Thanks for the help!
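The risk the post describes is a link under the webroot whose final target resolves somewhere else on disk, which Apache will happily serve when the directory has Options FollowSymLinks. The script below is an added example, not code from the post or from Apache: it walks a webroot, resolves every symlink, and reports the ones that escape. Function names (symlinks_outside_root, count_outside_root, make_demo_tree) are hypothetical, the demo tree is constructed to mirror the listing in the post, and it assumes GNU readlink -f (Linux).

```shell
#!/bin/sh
# Added example (not from the original post): find symlinks beneath a webroot
# whose resolved target lies outside that webroot. These are the links that
# "Options FollowSymLinks" would let Apache serve from elsewhere on disk.
# Assumes GNU readlink -f. All paths below are constructed for the demo.

# Print "link -> resolved_target" for every symlink under $1 that escapes $1.
# Prints nothing when the tree is clean. Dangling links are skipped.
symlinks_outside_root() {
    root=$(readlink -f "$1") || return 1
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue   # dangling link: skip
        case "$target" in
            "$root"|"$root"/*) ;;                   # stays inside the webroot
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Number of escaping links; convenient for a pre-deploy check or a cron job
# that alerts when the count is non-zero.
count_outside_root() {
    symlinks_outside_root "$1" | wc -l | tr -d ' '
}

# Build a constructed tree that mirrors the post's layout and prints the
# webroot path:
#   webroot/compStuff     -> home/web_stuff  (outside the webroot: reported)
#   webroot/blog/archive  -> ../content      (inside the webroot: not reported)
make_demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/webroot/blog" "$demo/webroot/content" "$demo/home/web_stuff"
    : > "$demo/home/web_stuff/ascii_file1"
    ln -s "$demo/home/web_stuff" "$demo/webroot/compStuff"
    ln -s ../content "$demo/webroot/blog/archive"
    printf '%s\n' "$demo/webroot"
}

# Stand-alone run: build the demo tree and report what escapes it.
if [ -z "$NO_DEMO" ]; then
    webroot=$(make_demo_tree)
    echo "Symlinks leaving $webroot:"
    symlinks_outside_root "$webroot"
    echo "count: $(count_outside_root "$webroot")"
fi
```

Run against a real server with `symlinks_outside_root /var/www` (or whatever the DocumentRoot is). The link inside the webroot (blog/archive -> ../content) is deliberately not reported, which matches the distinction the post asks about in question 2: a link that stays under the webroot exposes nothing new, while a link that leaves it widens what the server can read. The configuration-side control is the `Options` directive in the `<Directory>` block for the webroot: `Options -FollowSymLinks` refuses to follow links at all, and `Options SymLinksIfOwnerMatch` follows a link only when the link and its target have the same owner, which blocks the accidental-exposure case without giving up symlinks entirely.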
 

Apache::TestHandler(3)          User Contributed Perl Documentation          Apache::TestHandler(3)

NAME
       Apache::TestHandler - a few response handlers and helpers

SYNOPSIS
       package My::Test;

       use Apache::TestHandler ();

       sub handler {
           my ($r) = @_;
           my $result = do_my_test;
           Apache::TestHandler::ok1 $r, $result;
       }

       sub handler2 {
           my ($r) = @_;
           my $result = do_my_test;
           Apache::TestHandler::ok $r, $result;
       }

DESCRIPTION
       "Apache::TestHandler" provides 2 very simple response handlers.

FUNCTIONS
       ok $r, $boolean
           The handler simply prints out "ok" or "not ok" depending on the optional $boolean parameter. If $boolean is omitted "true" is assumed.

       ok1 $r, $boolean
           This handler implements a simple response-only test. It can be used on its own to check if for a certain URI the response phase is reached. Or it can be called like a normal function to print out the test result. The client side is automatically created as described in <http://perl.apache.org/docs/general/testing/testing.html#Developing_Response_only_Part_of_a_Test>. $boolean is optional. If omitted "true" is assumed.

       same_interp_counter

       same_interp_fixup

TODO

SEE ALSO
       The Apache-Test tutorial: <http://perl.apache.org/docs/general/testing/testing.html>.

       Apache::Test.

AUTHOR
       Doug MacEachern, Geoffrey Young, Stas Bekman, Torsten Foertsch and others.

       Questions can be asked at the test-dev <at> httpd.apache.org list.

       For more information see: http://httpd.apache.org/test/.

perl v5.18.2                          2015-06-18                          Apache::TestHandler(3)