httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aram W. Mirzadeh" <>
Subject Re: WWW Form Bug Report: "Security bug involving ScriptAliased directories" on Linux
Date Thu, 02 Nov 1995 22:43:41 GMT
At 04:29 PM 11/2/95 -0500, you wrote:
>  [really quite extraordinarily deep voodoo code snipped]
>Well, I *tried* to make the comments clear enough...
>  A long long time
>  ago someone mentioned that there was a bug involving problems with
>  slashes which caused script source to be displayed instead of executing
>  the script itself.  Does anyone recall the precise nature of *that*
>  problem.  Did people just fuss until they got bored but didn't get
>  round to fixing the snafu?  Wups. ;{
>I do recall a superficially similar bug --- it involved a single trailing
>slash appended to the *ends* of URIs of scripts which were *not* in
>ScriptAliased directories.  That was fixed both in early Apache builds 
>(as part of my cleanups anticipating the content negotation code), and
>independantly in the late NCSA 1.4 betas preceding their final ship.
>This is a different problem...

Anyone have NCSA 1.4 or 1.5 running?  Is this bug still there? 

Aram W. Mirzadeh, MIS Manager, Qosina Corporation,
Apache httpd server team

View raw message