From 0b8a5e9d456964f2aacb82369e85ad6d8426ae2f Mon Sep 17 00:00:00 2001
From: Joshua Slive <slive@apache.org>
Date: Thu, 23 Aug 2007 14:04:27 +0000
Subject: [PATCH] Correct a common misconception: symlink restrictions are
 policy restrictions, not security restrictions.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@569000 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/core.html.en | 10 ++++++++--
 docs/manual/mod/core.xml     | 10 ++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en
index 42165a5f8c..efe2bc5aae 100644
--- a/docs/manual/mod/core.html.en
+++ b/docs/manual/mod/core.html.en
@@ -2217,6 +2217,9 @@ directory</td></tr>
       <p>Note also, that this option <strong>gets ignored</strong> if set
       inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code>
       section.</p>
+      <p>Omitting this option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p>
       </div></dd>
 
       <dt><code>Includes</code></dt>
@@ -2257,8 +2260,11 @@ directory</td></tr>
       target file or directory is owned by the same user id as the
       link.
 
-      <div class="note"><h3>Note</h3> This option gets ignored if
-      set inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code> section.</div>
+      <div class="note"><h3>Note</h3> <p>This option gets ignored if
+      set inside a <code class="directive"><a href="#location">&lt;Location&gt;</a></code> section.</p>
+      <p>This option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p></div>
       </dd>
     </dl>
 
diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml
index b0a8914619..c623b7a864 100644
--- a/docs/manual/mod/core.xml
+++ b/docs/manual/mod/core.xml
@@ -2214,6 +2214,9 @@ directory</description>
       <p>Note also, that this option <strong>gets ignored</strong> if set
       inside a <directive type="section" module="core">Location</directive>
       section.</p>
+      <p>Omitting this option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p>
       </note></dd>
 
       <dt><code>Includes</code></dt>
@@ -2254,9 +2257,12 @@ directory</description>
       target file or directory is owned by the same user id as the
       link.
 
-      <note><title>Note</title> This option gets ignored if
+      <note><title>Note</title> <p>This option gets ignored if
       set inside a <directive module="core"
-      type="section">Location</directive> section.</note>
+      type="section">Location</directive> section.</p>
+      <p>This option should not be considered a security restriction,
+      since symlink testing is subject to race conditions that make it
+      circumventable.</p></note>
       </dd>
     </dl>
 
-- 
2.40.0