httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralf S. Engelschall" <...@engelschall.com>
Subject Re: [PATCH] again (might solve PR#2354)
Date Fri, 19 Jun 1998 14:59:57 GMT

In article <Pine.LNX.3.96.980619122940.12012A-200000@leon.lander.es> you wrote:

> If 1.3.1 is due for release in a couple of days, I'd ask you guys
> to take a look at this little patch, that I suspect nobody
> reviewed when I sent it nine days ago. Yeah, this time I put the
> string "[PATCH]" in the subject, and I didn't forget the
> attachment, but it didn't work out either ;-). The CHANGES:

>   *) Changed the top Makefile.tmpl to install the test CGIs with
>      execute permission, and to replace the "#!" header of printenv
>      with the correct location of perl. [Alvaro Martinez Echevarria]

> When I looked at PR#2354, I realized that right now the test CGIs
> are not installed with execute permission, and also that printenv
> does the risky assumption that perl is in '/usr/local/bin/perl'
> (this last one is probably the cause behind the PR). Please note
> that even if the CGIs are installed with +x permissions, they are
> not configured in by default, so there shouldn't be any security
> concern about this. These changes are minimal, and could probably
> help newbie apache users.

When I remember correctly we don't _WANT_ to install these scripts correctly.
The reason is that CGI scripts always lead to problems (not to say CERT
messages ;-) in the past and thus it was wise to let the user "enable" them
manually by fixing the permissions. Right?

                                       Ralf S. Engelschall
                                       rse@engelschall.com
                                       www.engelschall.com

Mime
View raw message