On 07/20/2006 02:04 PM, Joe Orton wrote:
> > I think it's a *very* bad idea to imply that SymLinksIfOwnerMatch is a > security feature. > > If you did want to call this a "security feature" then you also need to > fix the big fat race condition inbetween all those nice careful stat() > calls and the default handler going to open the file. Which I doubt > would be simple to say the least. > > I'd stay well clear of the word "security" here. I adjusted the svn log message (http://svn.apache.org/viewvc?view=rev&revision=423886) and removed the word SECURITY from the CHANGES file (http://svn.apache.org/viewvc?view=rev&revision=424084). I hope this addresses your concerns. Regards RĂ¼diger
