Thanks Cliff... that was the kind of feedback I was looking for. Guess I'll have to wait for 2.0.
BTW you guys are the greatest! -- Rod On Thursday 25 October 2001 06:21 pm, Cliff Woolley wrote: > On Thu, 25 Oct 2001, Rod Roark wrote: > > Um, how? It's clear that all scripts will run as user apache, > > but the whole point is that if you don't know the other user's > > documentroot name > > Well, I'd kind of missed that you were counting on the 711 directory > permissions. But still... > > > then you can't formulate a malicious request. > > Sure you can. There's an ap_document_root() function, all you need > is the server_rec for that vhost. The list of server_rec's is > static to the core, but if you tried hard enough, I bet you could > find a way to get at it. > > For example, while I haven't actually tried this, I just poked > around in http_vhost.c and it looks like you can change r->hostname > to the host you're interested in, then call > ap_update_vhost_from_headers(r) and then call > ap_document_root(r->server) and you've got the docroot. > > Even if this is broken for some reason (like I say, I didn't > actually try it), there's most likely some other way to do it. This > is security through obscurity at best, unfortunately. :-/ > > --Cliff > > -------------------------------------------------------------- > Cliff Woolley > [EMAIL PROTECTED] > Charlottesville, VA
