httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [VOTE] Apache 2.2.6, 2.0.61 and 1.3.39 release candidate tarballs for review
Date Wed, 05 Sep 2007 20:26:28 GMT
William A. Rowe, Jr. wrote:
> Jorge Schrauwen wrote:
>> I don't have any cgi scripts so I tried to get the printenv test-cgi
>> file to work.
>> I get 500 and error_log has this.
>>
>> [Wed Sep 05 20:44:36 2007] [error] [client 87.66.74.14
>> <http://87.66.74.14>] Premature end of script headers: printenv.pl
>> [Wed Sep 05 20:50:24 2007] [error] [client 87.66.74.14
>> <http://87.66.74.14>] Premature end of script headers: test.cgi
> 
> Researching!  Would you share which version of Windows?

Well, not windows apparently, on win32 we only install printenv.pl
(presuming no /bin/sh on that platform to 'test.cgi').  Without perl,
of course printenv.pl won't run either (and you may need to tweak the
shebang line appropriately after install).  If you have a faux-unix
shell, you can try out test.cgi after you tweak its shebang line.

AND /cgi-bin/printenv.pl is working, no hassle for me, here with 2.2.6.
(Were you testing that, or 2.0.61, or 1.3.39?)

On unix, we don't set these as executable out of the box.  Toggle the
perms to 755 and tell us what happens.

All such scripts are inherently xss-able with bullshit utf-7 auto-detection
by our least favorite, most anamorphic user agent, so it actually isn't
a good idea to enable them by default for a production server.

Bill

Mime
View raw message