Restrained Security Option


xenxor
04-14-2009, 09:30 AM
Given the Example virtual host which has
* VH_ROOT at /opt/lsws/DEFAULT
* DOC_ROOT at /opt/lsws/DEFAULT/html
* Follow Symbolic Link is YES
* Restrained is YES

Under DOC_ROOT, I created a file test.txt which is a symlink to /www/test.txt (a file outside VH_ROOT). Regardless of the ownership match, I was able to access the test.txt file. I thought the Restrained option would prevent this since it is outside the VH_ROOT.

System is:
FreeBSD 6.3 32-bit
LiteSpeed 4.0.1 Standard
LiteSpeed running as lsws (uid:800 gid:800)

mistwang
04-14-2009, 11:20 PM
It is a bug, will be fixed in 4.0.2.
Thanks for the bug report.
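
The following is an added example, not part of the thread and not LiteSpeed's code: an audit that lists symlinks under a document root whose resolved targets fall outside the virtual host root, which is the containment the first post expected Restrained to enforce. The function names and the demo layout (built in a temporary directory) are constructed for illustration.

```python
import os
import tempfile


def is_within(root, path):
    """True if path, after resolving every symlink, is root or lies under it."""
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(path)
    # commonpath compares whole components, so /opt/lsws/DEFAULT2 does not
    # pass as being inside /opt/lsws/DEFAULT (a plain startswith would).
    return os.path.commonpath([real_root, real_path]) == real_root


def find_escaping_symlinks(vh_root, doc_root):
    """Return sorted (link, resolved_target) pairs for symlinks under doc_root
    whose targets resolve outside vh_root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(doc_root, followlinks=False):
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if os.path.islink(link) and not is_within(vh_root, link):
                hits.append((link, os.path.realpath(link)))
    return sorted(hits)


def build_demo(base):
    """Constructed layout mirroring the thread: a doc root inside the vhost
    root, one symlink pointing outside it and one pointing inside it."""
    vh_root = os.path.join(base, "DEFAULT")
    doc_root = os.path.join(vh_root, "html")
    outside = os.path.join(base, "www")
    os.makedirs(doc_root)
    os.makedirs(outside)
    for p in (os.path.join(outside, "test.txt"), os.path.join(vh_root, "ok.txt")):
        with open(p, "w") as fh:
            fh.write("sample\n")
    os.symlink(os.path.join(outside, "test.txt"), os.path.join(doc_root, "test.txt"))
    os.symlink(os.path.join(vh_root, "ok.txt"), os.path.join(doc_root, "ok.txt"))
    return vh_root, doc_root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        vh_root, doc_root = build_demo(base)
        for link, target in find_escaping_symlinks(vh_root, doc_root):
            print(f"{link} -> {target} (outside {vh_root})")
```

An audit like this is a point-in-time check; a link can be created or retargeted after it runs, so it complements enforcement in the server rather than replacing it.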