httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: svn commit: r264623 - in /httpd/httpd/trunk: CHANGES modules/generators/mod_cgid.c
Date Mon, 29 Aug 2005 21:16:20 GMT
On Monday 29 August 2005 21:12, wrowe@apache.org wrote:
> Author: wrowe
> Date: Mon Aug 29 13:12:43 2005
> New Revision: 264623
>
> URL: http://svn.apache.org/viewcvs?rev=264623&view=rev
> Log:
>
>   Correct mod_cgid's argv[0] so that the full path can be delved by the
>   invoked cgi application, to conform to the behavior of mod_cgi.

I see your comment on bugzilla about bringing it into line with mod_cgi.
But isn't this the wrong way round?  CGI gets its system info from the
CGI environment variables, and exposing the full path in argv[0] smells
of a possible security issue if paths above DocumentRoot are out of
bounds.

-- 
Nick Kew

Mime
View raw message