303809 – Add configuration option to disable symlink owner check in www-apache/mod_suphp

Bug 303809 - Add configuration option to disable symlink owner check in www-apache/mod_suphp

Summary: Add configuration option to disable symlink owner check in www-apache/mod_suphp

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Server (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-02-06 23:33 UTC by Candid Dauth
Modified:	2012-12-15 17:41 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Patch on the sources to add a new configuration setting. (mod_suphp-0.7.1-check-symlink.patch,3.69 KB, patch) 2010-02-06 23:35 UTC, Candid Dauth	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Candid Dauth 2010-02-06 23:33:25 UTC

When you access a symlink through mod_suphp, it checks whether the symlink owner uid/gid matches the target owner uid/gid. If they don’t match, an error is displayed. Depending on your setup, you might want to turn off this check. As the script will be run under the owner of the symlink, this should not impose a security risk.

Reproducible: Always

Steps to Reproduce:

Comment 1 Candid Dauth 2010-02-06 23:35:20 UTC

Created attachment 218761 [details, diff]
Patch on the sources to add a new configuration setting.

This patch adds the new configuration setting check_symlink_ownership.

Comment 2 Doktor Notor 2010-02-27 00:52:39 UTC

As already noted on Bug 303795 Comment #6, similar patches belong upstream.

Comment 3 Pacho Ramos gentoo-dev

2012-12-15 17:41:30 UTC

This needs to be fixed by upstream directly