Bugtraq mailing list archives

Re: More security problems in Apache on Mac OS X


From: Kee Hinckley <nazgul () somewhere com>
Date: Wed, 12 Sep 2001 02:22:36 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 9:02 AM -0500 9/10/01, Jacques Distler wrote:
> Using mod_hfs (which takes care of case-insensitivity in directory names)
> and using <FilesMatch> (with well-chosen regular expressions) instead of
> <Files> directives (to take care of case-insensitivity in filenames), we can
> "cure" the case-insensitivity problem and restore Apache's access controls.

By far the best and safest solution for dealing with the case 
sensitivity issues with Apache on OSX is to only run it on UFS 
volumes.  That avoids the regular expression hacks, and avoids 
security issues around scripting languages (will .epl bring up an 
Embperl file, but .EPL show my internal code?), and avoids the need 
for mod_hfs.

Doesn't fix the .DS_Store problem though.  Good call.


- -- 

Kee Hinckley - Somewhere.Com, LLC
http://consulting.somewhere.com/

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQA/AwUBO57/eSZsPfdw+r2CEQK69wCfdHxgN1mU+B/LKr+Tdr8CvpDORioAn3EC
aHaYE4Ax3aVZQl5hautf3k6b
=sw5E
-----END PGP SIGNATURE-----
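An added example, not part of the original post or of Apache: a sketch of the "well-chosen regular expression" approach the quoted message describes, building a `<FilesMatch>` pattern that covers every case variant of a protected filename and comparing it with an exact, case-sensitive name comparison. The sample filename, the deny-all policy and all helper names are assumptions made for illustration.

```python
import re
from itertools import product

REGEX_META = set(".^$*+?()[]{}|\\")

def _is_ascii_letter(ch):
    return ch.isascii() and ch.isalpha()

def case_insensitive_pattern(filename):
    """Anchored pattern built from character classes only, so it does not
    depend on a case-insensitive regex flag being available."""
    out = []
    for ch in filename:
        if _is_ascii_letter(ch):
            out.append(f"[{ch.upper()}{ch.lower()}]")
        elif ch in REGEX_META:
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "^" + "".join(out) + "$"

def files_match_block(filename):
    """Render the directive; deny-all is the assumed policy."""
    pattern = case_insensitive_pattern(filename)
    return (f'<FilesMatch "{pattern}">\n'
            "    Order allow,deny\n"
            "    Deny from all\n"
            "</FilesMatch>")

def case_variants(filename):
    """Every spelling a case-insensitive volume resolves to the same file."""
    choices = [(c.lower(), c.upper()) if _is_ascii_letter(c) else (c,)
               for c in filename]
    return ["".join(p) for p in product(*choices)]

def uncovered(filename, matches):
    """Case variants of filename that the given matcher fails to catch."""
    return [v for v in case_variants(filename) if not matches(v)]

SAMPLE = ".htaccess"  # constructed sample name, not taken from the post
rx = re.compile(case_insensitive_pattern(SAMPLE))

def exact(name):      # case-sensitive name comparison
    return name == SAMPLE

def by_regex(name):   # the generated FilesMatch pattern
    return rx.search(name) is not None

if __name__ == "__main__":
    print(files_match_block(SAMPLE))
    print(len(uncovered(SAMPLE, exact)), "variants missed by exact match")
    print(len(uncovered(SAMPLE, by_regex)), "variants missed by the pattern")
```

The pattern has to be regenerated for every protected name, and it covers filenames only; directory-name case is what the quoted message assigns to mod_hfs.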

