httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Felt <mamf...@gmail.com>
Subject Re: svn commit: r1387984 - /httpd/httpd/trunk/Makefile.win
Date Fri, 21 Sep 2012 14:24:16 GMT
ScriptAlias enabled by default... maybe, this is "yes, but"

In 2.4.X - as in my packaging I have
#LoadModule cgid_module libexec/mod_cgid.so

by default in httpd.conf.

I was getting appropriate errors when I tried to access cgi scripts.

Also, all
"AddHandler" directives (there is one) are commented out.

Unsure of what my 2.2.X package has.

On Fri, Sep 21, 2012 at 2:13 AM, Gregg Smith <gls@gknw.net> wrote:

> On 9/20/2012 4:36 PM, Guenter Knauf wrote:
>
>> Am 20.09.2012 16:56, schrieb Guenter Knauf:
>>
>>> Am 20.09.2012 16:16, schrieb Guenter Knauf:
>>>
>>>> Am 20.09.2012 16:02, schrieb Jeff Trawick:
>>>>
>>>>> We shouldn't have scripts which, out of the box, leak information
>>>>> about the system or configuration.
>>>>>
>>>> ok, I change the script in a way as printenv has (make shebang
>>>> in-active);
>>>>
>>> done:
>>> http://svn.apache.org/viewvc?**rev=1388054&view=rev<http://svn.apache.org/viewvc?rev=1388054&view=rev>
>>>
>> from trunk/Makefile.win line 1043ff:
>>     copy docs\cgi-examples\printenv "$(INSTDIR)\cgi-bin\printenv.**pl<http://printenv.pl>"
>> <.y
>>     -awk -f <<script.awk "docs/cgi-examples/printenv" >
>> "$(INSTDIR)\cgi-bin\printenv.**pl <http://printenv.pl>"
>>     BEGIN {
>>     if ( "perl -e \"print $$^X;\"" | getline perlroot ) {
>>         gsub( /\\/, "/", perlroot );
>>         print "#!" perlroot;
>>     }
>>     }
>>     {
>>     if ( $$0 !~ /^#!/ ) {
>>         print $$0;
>>     }
>>     }
>> <<
>>
>> so this is the place where the shebang gets fixed for printenv.pl thus
>> making it executable unless perl is not in search path ...
>> shouldnt we then remove this part and only copy it unchanged?
>>
>
> These are samples, I think they should be executable. I personally do not
> like the fact that ScriptAlias is enabled by default. I think that is as
> much a concern.
>
> Regards,
> Gregg
>

Mime
View raw message