Return-Path: Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: (qmail 597 invoked from network); 5 Sep 2007 20:51:17 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 5 Sep 2007 20:51:17 -0000 Received: (qmail 48654 invoked by uid 500); 5 Sep 2007 20:51:10 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 48569 invoked by uid 500); 5 Sep 2007 20:51:10 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 48557 invoked by uid 99); 5 Sep 2007 20:51:10 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Sep 2007 13:51:09 -0700 X-ASF-Spam-Status: No, hits=2.0 required=10.0 tests=HTML_MESSAGE,NORMAL_HTTP_TO_IP,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of jorge.schrauwen@gmail.com designates 64.233.182.191 as permitted sender) Received: from [64.233.182.191] (HELO nf-out-0910.google.com) (64.233.182.191) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Sep 2007 20:51:07 +0000 Received: by nf-out-0910.google.com with SMTP id d21so1705707nfb for ; Wed, 05 Sep 2007 13:50:46 -0700 (PDT) DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=q8dHEoioDMCN4ZYMrGI2LllNkucg6e+g6ycBu5pdzq7QJMTgEBI2YjAVPnFfWwmRsGkRI7YnZYTHoLZywfM2xygmn4alLdYBOhJnv6MMIUGAnM0CK/ddb6xHnRi6waSkIpya91HKS6hr1Dp1KfaBWgg8aQzcy5QLMfF2PNuf5SA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=cg8E23rZfkpz6XFQxW34jQd5rc0Dq2stJA1QhMcJTvjdeU2TBXr8P/I9MnCwYgu0kYIse/0YPNj+1rBXsn58cSkrmdBXUvx9SHqa3WdCNHiLUxiyXZTv2fdkBZRZodQVfd7ki8Ta2KfL3jE3Pol1nYBpSXwXs+qDsa7GzrGLA14= Received: by 10.78.150.7 with SMTP id x7mr5602909hud.1189025445586; Wed, 05 Sep 2007 13:50:45 -0700 (PDT) Received: by 10.78.195.12 with HTTP; Wed, 5 Sep 2007 13:50:45 -0700 (PDT) Message-ID: <43e40e000709051350k4d3d09fbx54f989084ff0e71e@mail.gmail.com> Date: Wed, 5 Sep 2007 22:50:45 +0200 From: "Jorge Schrauwen" To: dev@httpd.apache.org Subject: Re: [VOTE] Apache 2.2.6, 2.0.61 and 1.3.39 release candidate tarballs for review In-Reply-To: <46DF10F4.3040601@rowe-clan.net> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_48826_23247805.1189025445525" References: <003801c7efde$ea9526d0$0100a8c0@mother> <004701c7efdf$373d7af0$0100a8c0@mother> <364F06D4-87EC-4C5E-A3C9-1545BB3DFAEB@jaguNET.com> <4E293980-7E42-4FA1-A949-8E7A830F8E4C@jaguNET.com> <43e40e000709051152n4fedee16r1597d3ec74b2d4f4@mail.gmail.com> <46DF073D.3000603@rowe-clan.net> <46DF10F4.3040601@rowe-clan.net> X-Virus-Checked: Checked by ClamAV on apache.org ------=_Part_48826_23247805.1189025445525 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline On 9/5/07, William A. Rowe, Jr. wrote: > > William A. Rowe, Jr. wrote: > > Jorge Schrauwen wrote: > >> I don't have any cgi scripts so I tried to get the printenv test-cgi > >> file to work. > >> I get 500 and error_log has this. > >> > >> [Wed Sep 05 20:44:36 2007] [error] [client 87.66.74.14 > >> ] Premature end of script headers: printenv.pl > >> [Wed Sep 05 20:50:24 2007] [error] [client 87.66.74.14 > >> ] Premature end of script headers: test.cgi > > > > Researching! Would you share which version of Windows? Well, not windows apparently, on win32 we only install printenv.pl > (presuming no /bin/sh on that platform to 'test.cgi'). Without perl, > of course printenv.pl won't run either (and you may need to tweak the > shebang line appropriately after install). If you have a faux-unix > shell, you can try out test.cgi after you tweak its shebang line. > > AND /cgi-bin/printenv.pl is working, no hassle for me, here with 2.2.6. > (Were you testing that, or 2.0.61, or 1.3.39?) Yes printenv.pl is working on windows... I was testing it on mod_cgid on my gentoo box though. On unix, we don't set these as executable out of the box. Toggle the > perms to 755 and tell us what happens. I'll give it a try.... Yep that did the trick. So mod_cgid seems to be working fine. Sry for the false alarm... I don't usage much cgi so I have rather limited experience with them. All such scripts are inherently xss-able with bullshit utf-7 auto-detection > by our least favorite, most anamorphic user agent, so it actually isn't > a good idea to enable them by default for a production server. > > Bill > -- ~Jorge ------=_Part_48826_23247805.1189025445525 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline On 9/5/07, William A. Rowe, Jr. <wrowe@rowe-clan.net> wrote:
William A. Rowe, Jr. wrote:
> Jorge Schrauwen wrote:
>> I don't have any cgi scripts so I tried to get the printenv test-cgi
>> file to work.
>> I get 500 and error_log has this.
>>
>> [Wed Sep 05 20:44:36 2007] [error] [client 87.66.74.14
>> <http://87.66.74.14>] Premature end of script headers: printenv.pl
>> [Wed Sep 05 20:50:24 2007] [error] [client 87.66.74.14
>> <http://87.66.74.14>] Premature end of script headers: test.cgi
>
> Researching!  Would you share which version of Windows?


Well, not windows apparently, on win32 we only install printenv.pl
(presuming no /bin/sh on that platform to 'test.cgi').  Without perl,
of course printenv.pl won't run either (and you may need to tweak the
shebang line appropriately after install).  If you have a faux-unix
shell, you can try out test.cgi after you tweak its shebang line.

AND /cgi-bin/printenv.pl is working, no hassle for me, here with 2.2.6.
(Were you testing that, or 2.0.61, or 1.3.39?)

Yes printenv.pl is working on windows... I was testing it on mod_cgid on my gentoo box though.
 

On unix, we don't set these as executable out of the box.  Toggle the
perms to 755 and tell us what happens.

I'll give it a try....
Yep that did the trick. So mod_cgid seems to be working fine.
Sry for the false alarm... I don't usage much cgi so I have rather limited experience with them.

All such scripts are inherently xss-able with bullshit utf-7 auto-detection
by our least favorite, most anamorphic user agent, so it actually isn't
a good idea to enable them by default for a production server.

Bill



--
~Jorge ------=_Part_48826_23247805.1189025445525--