httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Hartill <>
Subject Re: WWW Form Bug Report: "arbitrary cgi access???" on Irix
Date Thu, 19 Sep 1996 09:29:12 GMT

Hmmm, that doesn't sounds good does it.

I'll pass the information on to the developers list for investigation.

rob wrote:
>Operating system: Irix, version: 
>Version of Apache Used: 1.1.1
>Extra Modules used: referer_log_module agent_log_module status_module info_module anon_auth_module
>URL exhibiting problem:
>I ran into a nasty little surprise this evening.
>By default, any user which creates a ".cgi" file
>or program in their areas can generate full CGI
>programs.  This is w/o having the 
>	#AddHandler cgi-script .cgi
>script uncommented in the srm.conf.  The only
>way to stop this is to remove the .cgi mapping in
>the mime-types file.
>Since I still want to be able to do .cgi in 
>some directories, this is inconvenient.  Anyways,
>it also seems that any user can define their
>own .htaccess file and override these settings
>anyways, regardless of the AllowOverride options.
>Please help!

Rob Hartill (  ... why wait for a clear night to see the stars?.

View raw message