httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 52494] allow the Action directive to point in the filesystem space
Date Sun, 22 Jan 2012 01:23:47 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=52494

--- Comment #1 from Christoph Anton Mitterer <calestyo@scientia.net> 2012-01-22 01:23:47
UTC ---
A note to the last point:
Currently there are some CGI script (interperters) who add some security on
their own here.
E.g. the CGI version from PHP checks (if some options are set) whether it was
invoked via a redirect and executes only then.

In principle this would be a basic safety measure for _all_ CGI-scripts that
are interpreters (and therefore used with the Action directive).
Having a Action directive that allows hiding the interpreter from the client,
would make this "useless",.. well at least it would secure all interpreters
that don't secure themselves as PHP does.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message