httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From (Robert S. Thau)
Subject Re: WWW Form Bug Report: "Security bug involving ScriptAliased directories" on Linux
Date Thu, 02 Nov 1995 21:29:03 GMT
  [really quite extraordinarily deep voodoo code snipped]

Well, I *tried* to make the comments clear enough...

  A long long time
  ago someone mentioned that there was a bug involving problems with
  slashes which caused script source to be displayed instead of executing
  the script itself.  Does anyone recall the precise nature of *that*
  problem.  Did people just fuss until they got bored but didn't get
  round to fixing the snafu?  Wups. ;{

I do recall a superficially similar bug --- it involved a single trailing
slash appended to the *ends* of URIs of scripts which were *not* in
ScriptAliased directories.  That was fixed both in early Apache builds 
(as part of my cleanups anticipating the content negotation code), and
independantly in the late NCSA 1.4 betas preceding their final ship.

This is a different problem...


View raw message