httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 13290] New: - Apache 1.3.26 attempts to exec any file matching /.*\.cgi\..*/
Date Fri, 04 Oct 2002 13:30:44 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13290>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13290

Apache 1.3.26 attempts to exec any file matching /.*\.cgi\..*/

           Summary: Apache 1.3.26 attempts to exec any file matching
                    /.*\.cgi\..*/
           Product: Apache httpd-1.3
           Version: 1.3.26
          Platform: PC
               URL: http://www.submonkey.net/apache/see
        OS/Version: FreeBSD
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: mod_cgi
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: setantae@submonkey.net


See http://www.submonkey.net/apache/see.

The directory apache/see at the website mentioned in the URL contains the 
following hard links to the same file:

{setantae@shaft}-{~/submonkey.net/apache/see} $ ls -l
total 5
1 -rw-r--r--  5 setantae  users  21 Oct  4 14:19 file.cgi
1 -rw-r--r--  5 setantae  users  21 Oct  4 14:19 file.cgi.
1 -rw-r--r--  5 setantae  users  21 Oct  4 14:19 file.cgi.no
1 -rw-r--r--  5 setantae  users  21 Oct  4 14:19 file.cgino
1 -rw-r--r--  5 setantae  users  21 Oct  4 14:19 file_cgino

There are no special options turned on in this directory.
In httpd.conf, an AddHandler cgi-script .cgi applies to the entire site.

Apache will attempt to execute the first three files as CGI scripts.
(With my configuration this fails, since ExecCGI is not on in this directory).
The second two files are served as text/plain which is what I would expect.

I have attempted to resolve this problem by changing the AddHandler statement 
to "AddHandler cgi-script .cgi$", but this makes no difference.

I believe the bug (if this is a bug) lies within mod_cgi.c or mod_mime.c, but I 
can't see where this would be (I admit to not fully following the module api).

I can provide my httpd.conf, but I think the above is enough to show that this 
is not a configuration issue, so I've ommitted it for now to avoid noise.

Thanks,

Ceri

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message