[Bug 811428] Re: Apache does not honor -FollowSymlinks due to TOCTOU, which allows access to /proc/<pid>/ files
Stefan Fritsch
sf at sfritsch.de
Sun Jul 24 17:57:59 UTC 2011
This is an unsupported use-case of Apache httpd and I am pretty sure it
won't be changed upstream. And I don't think Ubuntu or Debian should
deviate from that, see http://seclists.org/oss-sec/2011/q3/111
** Changed in: apache2 (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/811428
Title:
Apache does not honor -FollowSymlinks due to TOCTOU, which allows
access to /proc/<pid>/ files
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811428/+subscriptions
More information about the Ubuntu-server-bugs
mailing list