httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: <!--#exec cmd --> without Options +ExecCGI?
Date Thu, 26 Feb 1998 01:52:03 GMT
On Wed, 25 Feb 1998, Dean Gaudet wrote:

> Well then why doesn't it behave that way?  :)

_now_ read my earlier message about no one having a clue.  <g>

> 
> Dean
> 
> On Wed, 25 Feb 1998, Marc Slemko wrote:
> 
> > On Wed, 25 Feb 1998, Dean Gaudet wrote:
> > 
> > > PR#697
> > 
> > But that proposes an unnecessary and needless new option.
> > 
> > There is no need for IncludesNOCMD because the way IncludesNOEXEC is
> > _supposed_ to work is that you can use include virtual to run things which
> > are treated as CGIs anyway.  
> > 
> > > 
> > > Dean
> > > 
> > > On Wed, 25 Feb 1998, Marc Slemko wrote:
> > > 
> > > > On Wed, 25 Feb 1998, Dean Gaudet wrote:
> > > > 
> > > > > Actually I meant that there's a PR that gets rid of the silly #exec
cmd
> > > > > behaviour.
> > > > 
> > > > Oh?  But... but... there is no silly exec cmd behaviour.  What it does
is
> > > > correct.  What PR is this?
> > > > 
> > > > > 
> > > > > Dean
> > > > > 
> > > > > On Wed, 25 Feb 1998, Marc Slemko wrote:
> > > > > 
> > > > > > On Wed, 25 Feb 1998, Dean Gaudet wrote:
> > > > > > 
> > > > > > > There's a PR in the database that fixes this questionable
behaviour.  It's
> > > > > > > ancient, and probably suspended.
> > > > > > > 
> > > > > > > (suspended PRs == ignored PRs, unfortunately)
> > > > > > 
> > > > > > No, they just mean no one knows what to do.  The issue with
this one is
> > > > > > that it is explicitly denied for what claims to be security
reasons or
> > > > > > something.  There may be more impact than just this to changing
it.
> > > > > > 
> > > > > > > 
> > > > > > > Dean
> > > > > > > 
> > > > > > > On Wed, 25 Feb 1998, Marc Slemko wrote:
> > > > > > > 
> > > > > > > > On Wed, 25 Feb 1998, Martin Kraemer wrote:
> > > > > > > > 
> > > > > > > > > On my linux box at home, I can execute commands
without an explicit
> > > > > > > > > Options +ExecCGI anywhere around. Is that intentional?
> > > > > > > > > I thought it should be forbidden...
> > > > > > > > 
> > > > > > > > The way it is currently is correct, because exec cmd
has nothing to do
> > > > > > > > with CGIs.
> > > > > > > > 
> > > > > > > > The only bogon I am aware of in that area is that
IncludesNOEXEC does not
> > > > > > > > currently allow AddHandler'd CGIs to be run by include
virtual but only
> > > > > > > > allows ScriptAliased ones.  IncludesNOEXEC should
still allow include
> > > > > > > > virtual to include things that would be run as CGIs
if accessed directly
> > > > > > > > anyway.
> > > > > > > > 
> > > > > > > > > The only Options configured are
> > > > > > > > >     Options Indexes FollowSymLinks
> > > > > > > > > 
> > > > > > > > >     Martin
> > > > > > > > > -- 
> > > > > > > > > | S I E M E N S |  <Martin.Kraemer@mch.sni.de>
 |      Siemens Nixdorf
> > > > > > > > > | ------------- |   Voice: +49-89-636-46021 
   |  Informationssysteme AG
> > > > > > > > > | N I X D O R F |   FAX:   +49-89-636-44994 
   |   81730 Munich, Germany
> > > > > > > > > ~~~~~~~~~~~~~~~~My opinions only, of course;
pgp key available on request
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > 
> > > > > > > 
> > > > > > 
> > > > > > 
> > > > > 
> > > > 
> > > > 
> > > 
> > 
> > 
> 


Mime
View raw message