httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Wilson <>
Subject Re: WWW Form Bug Report: "Security bug involving ScriptAliased directories" on Linux
Date Thu, 02 Nov 1995 21:41:56 GMT
>   [really quite extraordinarily deep voodoo code snipped]
> Well, I *tried* to make the comments clear enough...

Yeah, but I still had to read them to understand ;)

>   A long long time
>   ago someone mentioned that there was a bug involving problems with
>   slashes which caused script source to be displayed instead of executing
>   the script itself.  Does anyone recall the precise nature of *that*
>   problem.  Did people just fuss until they got bored but didn't get
>   round to fixing the snafu?  Wups. ;{
> I do recall a superficially similar bug --- it involved a single trailing
> slash appended to the *ends* of URIs of scripts which were *not* in
> ScriptAliased directories.  That was fixed both in early Apache builds 
> (as part of my cleanups anticipating the content negotation code), and
> independantly in the late NCSA 1.4 betas preceding their final ship.
> This is a different problem...

As I thought.

> rst


View raw message