httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: interesting side effect of mime_magic
Date Mon, 11 Aug 1997 17:05:20 GMT
Smart hackers^H^H^H^H^H^H^Hinvestigative people know things like that
anyway and look for such files anyway.  Yes, content negotiation needs to
be examined a bit more with mod_mime_magic I think.

Serves you right for using anything other than the one true editor.  <g>

On Mon, 11 Aug 1997, Brian Behlendorf wrote:

> 
> Continuing the discussion of conneg changes brought about by use of
> mod_mime_magic - I noticed a couple places on hyperreal where I had an
> index.cgi and an index.cgi~ left over from using emacs to edit it.  Before
> mod_mime_magic, the .cgi~ file was always ignored; but now because of
> mod_mime_magic it's a "text/html" document, and in some cases it was sent
> instead of the index.cgi file being executed.  This is /almost/ a security
> problem, since I'm sure most people don't want to give away the source of
> their CGI scripts.  I'm sure there's some sort of configuration I can
> apply, a <Files *~> kind of thing, but for the vast majority who are just
> going to drop 1.3 on top of their current filesystem, this is an issue.
> 
> 	Brian
> 
> 
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> "Why not?" - TL           brian@organic.com - hyperreal.org - apache.org
> 


Mime
View raw message