[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Apache suEXEC privilege elevation / information disclosure
> for doing this features in httpd.conf you can use AllowOverride None instead
> of AllowOverride all
AllowSymlinks is a red herring here (hardlinks should do, unless you
have stuff partitioned in a very thoughtful way, which most don't),
similarly to suexec.
In general, sharing web hosting providers that allow shell access or
scripting are pretty much boned in a myriad of ways.