Quoting Phillip Hofmeister <[EMAIL PROTECTED]>: > I believe your justification can be found:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=218188 > I'm not saying I agree fully with it...but I do understand it... Given that some of the affected directives can be used in .htaccess files, the potential for an ordinary user to exploit this is there. This allows access to the user the Apache work processes run as. Not much, but depending on local setup, this can be harmful. So I believe it should be fixed. Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | "Violence is the resort of the violent" Lu Tze | | "Thief of Time", Terry Pratchett | ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
