Symbol Links amongst Apache's served files, is this a security-don't?

Posted 02-10-2010

I read somewhere that you should make sure Apache is configured to not allow symbolic links to be followed outside the webroot, as this can compromise security.

I can imagine how this could lead to a security risk, e.g.:

I link to a folder I know is safe (it has no other links inside of it):

Code:
$ ls -lF /etc/www
blog/
content/
compStuff -> /home/me/web_stuff/

$ ls -lF /home/me/web_stuff/
ascii_file1
ascii_file2

So, because there are no links sitting in /home/me/web_stuff/, I think, "there's no chance the public might end up wandering any further outside the web root than they already have...". The bottom line is really that this is simply bad practice, because over time I may naturally forget that this web_stuff directory is exposed and in turn end up placing symbolic links inside /home/me/web_stuff/.

  1. Is my assumption correct? -- Is it nothing more than "it's just bad practice, because it leaves you open to making mistakes like the one above"? Or is it more technically complicated and truly a direct security threat?
  2. Are all symbolic links bad news inside Apache-served spaces? E.g. what about symbolic links linking to another directory within the web root?
  3. I like symbolic links -- this would be a pain to have to avoid!

Thanks for the help!
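An added example (not from this thread and not Apache's own code) that turns the worry above into a check you can run: a POSIX shell audit that walks a DocumentRoot, prints every symbolic link whose resolved target lies outside that root (or cannot be resolved), and builds a throwaway copy of the /etc/www layout from the post to run against. The directory names, the demo_tree helper and the function names are assumptions for illustration; it relies only on find(1) and realpath(1) (GNU coreutils or BSD).

```shell
#!/bin/sh
# Added example: audit an Apache DocumentRoot for symlinks that escape it.
# Assumes POSIX sh plus find(1) and realpath(1); paths below are made up.

# Print "link -> resolved target" for every symlink beneath $1 whose resolved
# path lies outside $1, or which cannot be resolved at all. Prints nothing
# when every link stays inside the document root.
escaping_symlinks() {
    root=$(realpath "$1") || return 2
    # -type l matches the symlinks themselves; find does not follow them by
    # default, so a link to a directory is reported rather than descended into.
    find "$root" -type l | while IFS= read -r link; do
        if target=$(realpath "$link" 2>/dev/null); then
            case "$target" in
                "$root"|"$root"/*) ;;                          # stays inside: ok
                *) printf '%s -> %s\n' "$link" "$target" ;;    # escapes the root
            esac
        else
            # dangling or otherwise unresolvable: report the raw link text
            printf '%s -> %s (unresolvable)\n' "$link" "$(readlink "$link")"
        fi
    done
}

# Exit 0 when the root is clean, 1 when at least one link escapes it.
audit_docroot() {
    [ -z "$(escaping_symlinks "$1")" ]
}

# Number of escaping links under $1 (0 when clean).
count_escaping() {
    escaping_symlinks "$1" | grep -c .
}

# Constructed demo tree mirroring the layout in the post; prints the docroot.
demo_tree() {
    tmp=$(mktemp -d) || exit 1
    mkdir -p "$tmp/etc/www/blog" "$tmp/etc/www/content" "$tmp/home/me/web_stuff"
    : > "$tmp/home/me/web_stuff/ascii_file1"
    ln -s "$tmp/home/me/web_stuff" "$tmp/etc/www/compStuff"  # escapes the root
    ln -s ../content "$tmp/etc/www/blog/shared"              # relative, stays inside
    ln -s "$tmp/home/me/secret" "$tmp/etc/www/oops"          # target outside root
    printf '%s\n' "$tmp/etc/www"
}

if [ "${1:-}" = "--demo" ]; then
    root=$(demo_tree)
    escaping_symlinks "$root"
    if audit_docroot "$root"; then
        echo "clean"
    else
        echo "$(count_escaping "$root") link(s) escape $root"
    fi
    rm -rf "${root%/etc/www}"
fi
```

Run it with `--demo` to see the two offending links (compStuff and oops) reported while blog/shared, which points back inside the root, is not; point `audit_docroot` at a real DocumentRoot to use it as a cron or deploy-time check. On the Apache side the relevant knob is `Options`: `Options -FollowSymLinks +SymLinksIfOwnerMatch` in the `<Directory>` block for the document root makes httpd follow a link only when the link and its target have the same owner, which is what stops a link planted by another local user or dropped into a writable upload directory from serving that user's files. The Apache documentation itself cautions that this symlink test is subject to race conditions, so treat it as hardening rather than a boundary; the audit above, and not linking directories such as /home into the document root at all, is the actual fix.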