Bug 1006640
Summary: | [ASF Bugzilla – Bug 45959] SSI include ignores SymlinkIfOwnerMatch directive | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Yukihiko Sawanobori <sawanoboriyu> |
Component: | httpd | Assignee: | Luboš Uhliarik <luhliari> |
Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 5.10 | CC: | jorton |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-09-30 07:16:17 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Yukihiko Sawanobori
2013-09-11 01:44:01 UTC
Yukihiko-san, Thank you for taking the time to enter a bug report with us. You mentioned the word "vulnerability", but as described in the documentation, "SymlinksIfOwnerMatch" is not a security feature. There are no plans to address this in Red Hat Enterprise Linux 5. http://httpd.apache.org/docs/2.2/mod/core.html#options We appreciate the feedback and look to use reports such as this to guide our efforts at improving our products. That being said, this bug tracking system is not a mechanism for requesting support, and we are not able to guarantee the timeliness or suitability of a resolution. If this issue is critical or in any way time sensitive, please raise a ticket through your regular Red Hat support channels to make certain it receives the proper attention and prioritization to assure a timely resolution. For information on how to contact the Red Hat production support team, please visit: https://www.redhat.com/support/process/production/#howto |