httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: <!--#exec cmd --> without Options +ExecCGI?
Date Thu, 26 Feb 1998 01:08:11 GMT
Actually I meant that there's a PR that gets rid of the silly #exec cmd
behaviour.

Dean

On Wed, 25 Feb 1998, Marc Slemko wrote:

> On Wed, 25 Feb 1998, Dean Gaudet wrote:
> 
> > There's a PR in the database that fixes this questionable behaviour.  It's
> > ancient, and probably suspended.
> > 
> > (suspended PRs == ignored PRs, unfortunately)
> 
> No, they just mean no one knows what to do.  The issue with this one is
> that it is explicitly denied for what claims to be security reasons or
> something.  There may be more impact than just this to changing it.
> 
> > 
> > Dean
> > 
> > On Wed, 25 Feb 1998, Marc Slemko wrote:
> > 
> > > On Wed, 25 Feb 1998, Martin Kraemer wrote:
> > > 
> > > > On my linux box at home, I can execute commands without an explicit
> > > > Options +ExecCGI anywhere around. Is that intentional?
> > > > I thought it should be forbidden...
> > > 
> > > The way it is currently is correct, because exec cmd has nothing to do
> > > with CGIs.
> > > 
> > > The only bogon I am aware of in that area is that IncludesNOEXEC does not
> > > currently allow AddHandler'd CGIs to be run by include virtual but only
> > > allows ScriptAliased ones.  IncludesNOEXEC should still allow include
> > > virtual to include things that would be run as CGIs if accessed directly
> > > anyway.
> > > 
> > > > The only Options configured are
> > > >     Options Indexes FollowSymLinks
> > > > 
> > > >     Martin
> > > > -- 
> > > > | S I E M E N S |  <Martin.Kraemer@mch.sni.de>  |      Siemens Nixdorf
> > > > | ------------- |   Voice: +49-89-636-46021     |  Informationssysteme
AG
> > > > | N I X D O R F |   FAX:   +49-89-636-44994     |   81730 Munich, Germany
> > > > ~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
> > > > 
> > > 
> > > 
> > 
> 
> 


Mime
View raw message