httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lior Hammer" <l...@lior.ath.cx>
Subject Re: Problem with CGI
Date Mon, 03 Jun 2002 05:33:27 GMT
Do you have a better idea?
i need to use both CGI and normal HTML at the same directory.
----- Original Message -----
From: "Rich Bowen" <rbowen@rcbowen.com>
To: <users@httpd.apache.org>
Sent: Sunday, June 02, 2002 12:24 PM
Subject: Re: Problem with CGI


> On Sun, 2 Jun 2002, Lior Hammer wrote:
>
> > Hello,
> > I have a littele problem with CGI under RedHat Linux 7.2 with Apache
1.3.22
> > i exec these commands:
> >
> > mkdir /perl
> > ln -s /usr/bin/perl /perl/perl
> >
> > Then, i added these lines to my httpd.conf:
> >
> > ScriptAlias /perl_location/ "/perl/"
>
> I'm not real clear on what you *expect* to happen if this were to work
> "correctly", but this is an amazingly bad idea, as it means that I, as a
> random user from the Internet, can pass commands DIRECTLY to your Perl
> interpreter to make it do whatever I like, by, for example, accessing
> the URL on your server:
> http://servername/perl/perl?system(rm%20-rf%20/);
>
> or something of that nature.
>
> This used to be a rather common problem on Windows machines, when folks
> would put perl.exe in their cgi directory, but I have not seen this done
> on Unix systems before.
>
> --
> Pilgrim, how you journey on the road you chose
> To find out where the winds die and where the stories go
>  --Pilgrim (Enya - A Day Without Rain)
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message