httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alvaro Martinez Echevarria <alvaro-ht...@lander.es>
Subject Re: [PATCH] CGIs not working (PR#2354)
Date Wed, 10 Jun 1998 23:42:46 GMT
On Wed, 10 Jun 1998, Manoj Kasichainula wrote:

> On Wed, Jun 10, 1998 at 11:01:06PM +0200, Alvaro Martinez Echevarria wrote:
> > -both of the test CGIs are installed without execute permissions
> >  by "make install", so if you want to use them you need to
> >  manually do chmod. Shouldn't the installation do that?
> 
> Although I don't know if this was the reasoning, it is probably not a
> good idea to enable any preinstalled CGI scripts by default, because
> it could lead to problems like the old phf bugs if security holes are
> found. If webmasters have to explicitly enable these scripts (which
> are only useful for testing anyway), they are much more likely to
> disable them when holes are found.

On the default configuration CGIs will not be enabled just by setting
execute permission, because the ScriptAlias directive is
commented out in srm.conf and src.conf.default. The problem comes
out if you set it up to allow CGIs: it won't work until you don't
chmod (and that's not documented anywhere, I think).
Regards.

.------------------------------------------------------------------.
|   Alvaro Martínez Echevarría   |      LANDER SISTEMAS            |
|        alvaro@lander.es        |      Pº Castellana, 121         |
`--------------------------------|      28046 Madrid, SPAIN        |
                                 |      Tel: +34-91-5562883        |
                                 |      Fax: +34-91-5563001        |
                                 `---------------------------------'


Mime
View raw message