Steffen Dettmer wrote:
FollowSymLinks is a security hole!
Could you please describe that in a bit more detail?
Here is an e-mail I was able to remember. This security hole was pointed out somewhere else as well. Hmm... From suse-security, by rolf.krahl@gmx.net (Rolf Krahl):
Message-ID: <7sdbaq$1l2$1@nuomi.home.informatik.uni-bremen.de>
References: <Pine.LNX.3.96.990824173608.10852C-100000@ook.connect.ie> <37C2E8E2.E7AAA299@java-factory.com> <37C3B3FD.816DA2@ruhr-uni-bochum.de> <003f01bef4ea$8ff9f400$1400a8c0@ashane.com> <19990902114600.D22734@suse.de> <7rjkgm$h7o$2@nuomi.home.informatik.uni-bremen.de> <19990920115004.M13968@suse.de> <199909202126.JAA14275@andromeda.elec.canterbury.ac.nz>
Rolf Krahl wrote:
In article <199909202126.JAA14275@andromeda.elec.canterbury.ac.nz>, Volker Kuhlmann <kuhlmav@elec.canterbury.ac.nz> writes:
This is definitely a reasonable idea. I will change this in the next major release of SuSE Linux. However I prefer an Alias to a symlink.
By default, apache will not follow symlinks, at least not to outside the main document root. This is at least the default Red Hat 6.0 setup, and should be the default setup for any good distribution.
Well, if I'm not badly wrong with my files, the SuSE 6.2 default configuration does allow following symlinks. /etc/httpd/httpd.conf:
| # First, we configure the "default" to be a very restrictive set of
| # permissions.
| #
| <Directory />
|     Options FollowSymLinks
|     AllowOverride None
| </Directory>
The alias therefore seems a much better idea. Or does that have to be in the main document root too?
Nope. You can set an alias to point to wherever you want. To quote /etc/httpd/httpd.conf again as example:
| Alias /icons/ "/usr/local/httpd/icons/"
|
| [...]
|
| Alias /hilfe/ /usr/doc/susehilf/
| Alias /doc/ /usr/doc/
| Alias /cgi-bin-sdb/ /usr/local/httpd/cgi-bin/
| Alias /sdb/ /usr/doc/sdb/
(BTW, I'd remove the alias for /doc/. There is a lot of stuff in /usr/doc, and only a small part of it is suitable to be offered from the local http server.)
On the alias versus symlink discussion: I think there are pros and cons for both of them. Symlinks are more flexible (no need to change the httpd configuration to change them). But I think the main advantage is that they are more obvious: you can see in the directory that they are there. (I still remember how long I once tried to figure out why the links on my server were broken after an upgrade to a new SuSE version, when they added the "/doc/" aliases quoted above. I had a "doc" directory in my document root ...) I think this is also a security concern. I'd like to know how many people with a standard SuSE configuration actually *know* that they are offering their whole /usr/doc tree to their clients.
The main disadvantage of setting a symlink that I can see is that you have to allow following symlinks in your configuration.
The programs in our cgi-bin should all be harmless. However I will change the permissions in secure and paranoid settings to 000.
I'd place no example scripts at all in the cgi-bin. I'd place them in the apache documentation under /usr/doc/packages/apache so that anyone willing to experiment with them may choose to copy them manually to the cgi-bin.
In the ideal case, the cgi-bin should be left empty in order to separate locally installed scripts from those that come with the distribution.
Bye, Reimond
--
Reimond Rombey, Burg 37, D-79733 Görwihl
http://www.rombey.de - rombey website design
http://www.kreativtechnik.de - Kreativtechnik
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-linux-unsubscribe@suse.com
For additional commands, e-mail: suse-linux-help@suse.com
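The thread's worry is that with `Options FollowSymLinks` on `<Directory />` a single symlink inside the document root quietly publishes whatever it points at, and that `Alias` lines such as `/doc/ -> /usr/doc/` publish trees nobody looks at. The following audit script is an added example, not code from the thread or from SuSE: it parses the `Alias` directives and the root `Options` of a constructed httpd.conf fragment (mirroring the SuSE 6.2 defaults quoted above), walks a constructed document root, and reports every symlink that escapes the root together with whether httpd would serve through it under `FollowSymLinks`, `SymLinksIfOwnerMatch` or neither. Paths, file contents and function names are illustrative assumptions.

```python
"""Audit an Apache document root for symlinks that lead outside it and
list what Alias directives expose.  Added example; not from the thread."""
import os
import re
import tempfile

# Constructed httpd.conf fragment mirroring the SuSE 6.2 defaults quoted in the thread.
CONSTRUCTED_CONF = """\
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
Alias /icons/ "/usr/local/httpd/icons/"
Alias /doc/ /usr/doc/
"""

ALIAS_RE = re.compile(r'^\s*Alias\s+(\S+)\s+"?([^"\s]+)"?', re.MULTILINE)
ROOT_BLOCK_RE = re.compile(r"<Directory\s+/>(.*?)</Directory>", re.DOTALL | re.IGNORECASE)
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+)$", re.MULTILINE)


def parse_aliases(conf):
    """Return (url_prefix, filesystem_path) for every Alias directive."""
    return ALIAS_RE.findall(conf)


def parse_root_options(conf):
    """Return the Options tokens of the <Directory /> block, +/- prefixes stripped."""
    block = ROOT_BLOCK_RE.search(conf)
    if not block:
        return set()
    tokens = set()
    for line in OPTIONS_RE.findall(block.group(1)):
        tokens.update(tok.lstrip("+-") for tok in line.split())
    return tokens


def symlink_policy(options):
    """Map Options tokens to how httpd treats symlinks under that directory."""
    if "FollowSymLinks" in options or "All" in options:
        return "follow"
    if "SymLinksIfOwnerMatch" in options:
        return "owner-match"
    return "none"


def find_escaping_symlinks(docroot, policy):
    """List symlinks under docroot whose target lies outside it, flagging
    whether httpd would serve through them under the given policy."""
    root = os.path.realpath(docroot)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            if target == root or target.startswith(root + os.sep):
                continue  # stays inside the document root, not interesting here
            if policy == "follow":
                served = True
            elif policy == "owner-match":
                try:  # link owner must equal target owner
                    served = os.lstat(link).st_uid == os.stat(link).st_uid
                except OSError:  # dangling link: nothing to serve
                    served = False
            else:
                served = False
            findings.append({"link": link, "target": target, "would_serve": served})
    return findings


def build_demo_tree():
    """Constructed layout: a document root with a symlink out to a sibling directory."""
    base = tempfile.mkdtemp(prefix="httpd-audit-")
    docroot = os.path.join(base, "htdocs")
    outside = os.path.join(base, "usr-doc")
    os.makedirs(docroot)
    os.makedirs(outside)
    with open(os.path.join(docroot, "index.html"), "w") as fh:
        fh.write("<html>hello</html>\n")
    with open(os.path.join(outside, "README"), "w") as fh:
        fh.write("not meant for the web\n")
    os.symlink(outside, os.path.join(docroot, "doc"))  # the symlink under discussion
    return docroot, outside


if __name__ == "__main__":
    demo_root, _ = build_demo_tree()
    policy = symlink_policy(parse_root_options(CONSTRUCTED_CONF))
    for prefix, path in parse_aliases(CONSTRUCTED_CONF):
        print("Alias %s -> %s" % (prefix, path))
    for hit in find_escaping_symlinks(demo_root, policy):
        print("%s -> %s (served: %s)" % (hit["link"], hit["target"], hit["would_serve"]))
```

Run it against a real document root and httpd.conf to see both lists at once; anything that shows `served: True` or appears as an `Alias` target is content the server offers whether or not anyone remembers putting it there.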