From: icy@lighttpd.net
To: freebsd-fs@freebsd.org
Date: Sat, 23 May 2009 19:36:10 +0200
Subject: *stat()-ing symlinks with trailing slashes

In lighttpd, the decision to process a request as fastcgi or static file is configured by specifying either a prefix or suffix to match on the requested path. For example, you say "if path ends with .php, process as fastcgi". In order to find the correct file, lighty needs to open()/stat() various combinations.

Suppose you have a script foo.php and request something like /foo.php/. Then lighty needs to look for the file (dir) /foo.php/ and, if not present, /foo.php (php script with / as PATH_INFO). A normal request will first hit an ENOTDIR for /foo.php/ and then succeed at /foo.php (matching the suffix .php) and get served as fastcgi.
Now suppose you have a symbolic link bar.php linked to foo.php and request /bar.php/. Without the bug in question, it should behave like the first example, but as it is now, the open("/bar.php/") succeeds, will not match the suffix .php and therefore get served as a static file (sending out the source code). Lighty assumes that there can't be regular files that end in a / (and even resolve to the same file without the slash).

We tested various systems and found that FreeBSD, OSX and Solaris < 10 are affected. Linux, Open/Net/DragonflyBSD, Solaris 10 are not affected.

I'm sure there are other applications (webservers) that also have a problem with the described behaviour.
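A defensive check for the behaviour described in this message, added here as an example (it is not lighttpd's code and not part of the original post). `stat_strict` and `probe` are hypothetical names and the temp-dir fixture is constructed; the check rejects a trailing-slash path that resolves to a non-directory, so the result is the same on affected and unaffected systems.

```c
#define _DEFAULT_SOURCE 1   /* expose mkdtemp()/symlink() on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: stat() that enforces "trailing slash means directory"
 * itself instead of trusting the kernel to return ENOTDIR. */
int stat_strict(const char *path, struct stat *st)
{
    size_t len = strlen(path);
    if (stat(path, st) != 0)
        return -1;                      /* errno already set by stat() */
    if (len > 1 && path[len - 1] == '/' && !S_ISDIR(st->st_mode)) {
        errno = ENOTDIR;                /* what unaffected systems report */
        return -1;
    }
    return 0;
}

/* Builds a constructed fixture (foo.php plus symlink bar.php -> foo.php) in a
 * temp dir and checks "<dir>/<name>". Returns 0 if stat_strict accepted the
 * path, the errno value if it refused, or -1 if the fixture setup failed. */
int probe(const char *name)
{
    char dir[] = "/tmp/slashXXXXXX", file[64], link[64], req[64];
    struct stat st;
    int fd, rc;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(file, sizeof file, "%s/foo.php", dir);
    snprintf(link, sizeof link, "%s/bar.php", dir);
    snprintf(req, sizeof req, "%s/%s", dir, name);
    fd = open(file, O_CREAT | O_WRONLY, 0600);
    if (fd >= 0) close(fd);
    if (fd < 0 || symlink("foo.php", link) != 0) rc = -1;
    else rc = stat_strict(req, &st) == 0 ? 0 : errno;
    unlink(link); unlink(file); rmdir(dir);
    return rc;
}

int main(void)
{
    printf("bar.php/ -> %d, bar.php -> %d\n", probe("bar.php/"), probe("bar.php"));
    return 0;
}
```

A server using this kind of check would treat the ENOTDIR result as "no such directory" and fall through to the /bar.php lookup, where the .php suffix rule matches.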