After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 326702 - symbolic links does not appear in a webdav client.
symbolic links does not appear in a webdav client.
Status: RESOLVED NOTGNOME
Product: gnome-user-share
Classification: Core
Component: general
0.9
Other All
: Normal normal
: ---
Assigned To: gnome-user-share maintainers
gnome-user-share maintainers
: 630402 733583 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2006-01-12 09:38 UTC by Frej Soya
Modified: 2014-07-23 10:08 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Frej Soya 2006-01-12 09:38:01 UTC
Please describe the problem:
Even if you enable "Options FollowSymlinks" the link does not show up in the
parent directory.

However if you specify the path it works.
This is probably a mod_dav limitation/bug ?
Apache 2.0.52



Steps to reproduce:
1. Create symlink 'softlink' to another directory
2. Add Options FollowSymlinks
3. reload gnome-user-share




Actual results:
You can acces it with ip:port/softlink but softlink does not show up in /

Expected results:
Symbolic link shown.

Does this happen every time?
yes

Other information:
This is needed when you want to share data that already exists and don't want to
copy them. 
Another solution to this problem could allow sharing of any/multiple dirs
instead of a fixed one.
Comment 1 Zack Cerza 2006-03-12 00:21:57 UTC
I see this too. In its current state, it's not useful to me :(
Comment 2 Alexander Larsson 2006-04-19 10:45:38 UTC
Allowing symlinks out of the Public folder is a sort of security risk though. You'd need to allow the httpd to read files outside of it, which means you can probably trick it to read /etc/passwd.
Comment 3 Baptiste Mille-Mathias 2008-12-24 07:32:45 UTC
Following Alex's comment, shouldn't we close this bug as WONTFIX?
Comment 4 Bastien Nocera 2008-12-25 15:53:47 UTC
FollowSymlinks is obviously out of the question, but using "SymLinksIfOwnerMatch" could be useful, and remove that security problem (mostly).

2 changes to make:
- use SymLinksIfOwnerMatch in the default configuration
- refuse to launch http sharing if root
Comment 5 Bastien Nocera 2009-01-13 14:07:14 UTC
In httpd/modules/dav/fs/repos.c
        /* ### for now, only process regular files (e.g. skip symlinks) */
        if (fsctx->info1.finfo.filetype == APR_REG) {

Filed upstream:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46521
Comment 6 Alexander Larsson 2009-03-09 12:05:49 UTC
Even allowing symlinks to the users homedir but outside ~/Public is debatable. For instance, if public is writable anyone can put a symlink to ../.mozilla and start reading the users stored passwords and cookies.
Comment 7 Bastien Nocera 2010-09-23 12:25:06 UTC
*** Bug 630402 has been marked as a duplicate of this bug. ***
Comment 8 Fabian Greffrath 2010-09-30 08:05:19 UTC
(In reply to comment #6)
> Even allowing symlinks to the users homedir but outside ~/Public is debatable.
> For instance, if public is writable anyone can put a symlink to ../.mozilla and
> start reading the users stored passwords and cookies.

I agree that there is a security issue, but please leave it at least configurable by the user. You could add a big, fat, ugly warning that enabling symlinks in the ~/Public folder might impose a severe security risk and should only be done in private environments, but leave it optional to enable it nevertheless.

Please don't expect me to duplicate several GB of my ~/Pictures folder just to make them shared across my private home network!
Comment 9 Bastien Nocera 2010-09-30 10:08:39 UTC
(In reply to comment #8)
> (In reply to comment #6)
> > Even allowing symlinks to the users homedir but outside ~/Public is debatable.
> > For instance, if public is writable anyone can put a symlink to ../.mozilla and
> > start reading the users stored passwords and cookies.
> 
> I agree that there is a security issue, but please leave it at least
> configurable by the user. You could add a big, fat, ugly warning that enabling
> symlinks in the ~/Public folder might impose a severe security risk and should
> only be done in private environments, but leave it optional to enable it
> nevertheless.

Given that the httpd WebDav module ignores symlinks, even if we wanted, we couldn't make it work without fixing mod_dav. See the bug mentioned above.
Comment 10 Bastien Nocera 2014-07-23 10:08:08 UTC
*** Bug 733583 has been marked as a duplicate of this bug. ***