httpd-dev mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject Re: [PATCH] again (might solve PR#2354)
Date Sat, 20 Jun 1998 08:53:11 GMT
You know, we should actually put in a more verbose test in
mod_cgi/util_script to check for the x bit... and if it's missing print a
log message saying "execute permissions required" or something like that.

I'd still like to see the /usr/local/bin/perl thing fixed.

I'm somewhat neutral on having the x bit right. 

Dean

On Sat, 20 Jun 1998, Alvaro Martinez Echevarria wrote:

> On Fri, 19 Jun 1998, Ralf S. Engelschall wrote:
> 
> > If I remember correctly we don't _WANT_ to install these scripts correctly.
> > The reason is that CGI scripts always lead to problems (not to say CERT
> > messages ;-) in the past and thus it was wise to let the user "enable" them
> > manually by fixing the permissions. Right?
> 
> The security concern would exist if fixing the permissions made
> the CGIs work. But that is not the case: the default configuration
> has the "ScriptAlias" directive commented out, so a simple "chmod +x"
> won't let anybody use the CGIs. So where's the problem? It will
> just make it easier for John Newuser. And if you really don't
> _WANT_ to set the proper permissions, at least document it
> somewhere, for example in the config: "CGIs without execution
> permission won't work, and the test scripts are installed without
> it".
> But anyway, there's another change included in the patch that is
> even less questionable: printenv has a weird "#!/usr/local/bin/perl"
> as its first line, and this makes it fail on many systems: if you
> access it the server generates a "500 Internal server error"
> and reports "Premature end of script headers" in the error log.
> The patch changes this to substitute the real location of perl
> for "/usr/local/bin/perl".
> Regards.
> 
> .------------------------------------------------------------------.
> |   Alvaro Martínez Echevarría   |      LANDER SISTEMAS            |
> |        alvaro@lander.es        |      Pº Castellana, 121         |
> `--------------------------------|      28046 Madrid, SPAIN        |
>                                  |      Tel: +34-91-5562883        |
>                                  |      Fax: +34-91-5563001        |
>                                  `---------------------------------'
> 
> 

