httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: [PATCH] mod_include 1.3.x - limiting EXEC to a certain directory
Date Sun, 13 Feb 2000 17:07:00 GMT
On Fri, 28 Jan 2000, Simon Huggins wrote:

> Hi,
> 
> A while ago (just before the new year) I wrote a patch for Apache 1.3.9
> to limit executable includes to one directory (or any directories off
> that).
> 
> The rationale was that we (Black Cat Networks) wanted to allow people to
> include *our* scripts in a specific directory but didn't want people to
> include random executables on our system.

Why not just use IncludesNoEXEC then tell your users to "include
virtual" something in a ScriptAliased directory?

IncludesNoEXEC allows that just fine.  All it prevents is the user
executing things that wouldn't normally be treated as CGIs.  Yes,
there is a longstanding bug that makes it not work in non-ScriptAliased
directories.


Mime
View raw message