[20988] in bugtraq
FW: Mac OS X - Apache & Case Insensitive
daemon@ATHENA.MIT.EDU (hostmaster@qpp.co.uk)
Tue Jun 12 16:22:51 2001
Message-Id: <TFSOTTLE@qpp.co.uk>
From: hostmaster@qpp.co.uk
Date: Mon, 11 Jun 2001 18:41:10 +0000
To: bugtraq@securityfocus.com
Receipt-Requested-To: hostmaster@qpp.co.uk
MIME-version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Tested against Apache 1.3.20 on Windows 98 SE (has case insensitive fs)
appears not to be vulnerable.
> Summary:
>
>
> The preferred filesystem for Mac OS X is Apple's HFS+ and most
> setups use it. HFS+ is a case insensitive filesystem.
>
>
> Apache's directory protection (and other methods that depend on
> filesystem object names) cannot handle this and breaks. For example,
> both Directory and Location configuration options break.
>
>
>
> Preferred solution:
>
>
> Modification to Apache so that it does a check for the 'real'
> filename. This probably needs some support from the underlying
> operating system.
>
>
> Or Apple should submit their HFS+ patches to the Apache Software
> Foundation or install the mod_hfs_apple.so module on OS X Client.
Looks like the win32 coding types at apache already whacked this problem.
Wonder how it was done there ??
Regards,
Mark Ng,
Network Manager,
Quantum Business Media
