httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexei Kosut <ako...@nueva.pvt.k12.ca.us>
Subject Re: WWW Form Bug Report: "test-cgi has security hole" on Solaris 2.x (fwd)
Date Tue, 10 Dec 1996 05:10:59 GMT
On Tue, 10 Dec 1996, Rob Hartill wrote:

> As a follow-on to my previous bug report, test-cgi
> can probably be done much safer this way:
> 
> cat <<EOF
> SERVER_SOFTWARE = $SERVER_SOFTWARE
> ...
> etc
> etc
> EOF
> 
> but this relies on using the Unix shell.

But then, so does set -f. Why don't we just do this the simple way,
and quote all the variables. We should do it anyway, just to be safe.

-- 
________________________________________________________________________
Alexei Kosut <akosut@nueva.pvt.k12.ca.us>      The Apache HTTP Server
URL: http://www.nueva.pvt.k12.ca.us/~akosut/   http://www.apache.org/


Mime
View raw message