httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: mirrors and SSIs
Date Thu, 03 Jul 1997 20:12:52 GMT
At 09:33 AM 7/2/97 -0500, Randy Terbush wrote:
>> On Tue, 1 Jul 1997, Ben Laurie wrote:

[SSI's considered harmful?]

>> Define safe.
>> 
>> <!--#include file="/etc/passwd">
>> 
>> Safe, yes.  Safe, no.
>
>That does not work.

Indeed, it appears file="" can't pull anything not in the same directory or
below.  So, I contend it does not represent a security risk, and
"IncludesNoExec" can be safely run by mirror sites.

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Why not?" - TL                brian@organic.com - hyperreal.org - apache.org

Mime
View raw message