enterprise-support team mailing list archive

Thread
Date

[Bug 811428] Re: Apache does not honor -FollowSymlinks due to TOCTOU, which allows access to /proc/<pid>/ files

To: enterprise-support@xxxxxxxxxxxxxxxxxxx
From: Stefan Fritsch <sf@xxxxxxxxxxx>
Date: Sun, 24 Jul 2011 17:57:59 -0000
Reply-to: Bug 811428 <811428@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This is an unsupported use-case of Apache httpd and I am pretty sure it
won't be changed upstream. And I don't think Ubuntu or Debian should
deviate from that, see http://seclists.org/oss-sec/2011/q3/111

** Changed in: apache2 (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to apache2 in Ubuntu.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/811428

Title:
  Apache does not honor -FollowSymlinks due to TOCTOU, which allows
  access to /proc/<pid>/ files

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811428/+subscriptions