httpd-users mailing list archives

From "Lewis Watson" <>
Subject Re: [users@httpd] Re: CGI - Disable #!/bin/sh
Date Sun, 24 Nov 2002 00:31:45 GMT
----- Original Message -----
From: "Steve" <>
To: <>
Sent: Saturday, November 23, 2002 6:08 PM
Subject: [users@httpd] Re: CGI - Disable #!/bin/sh

> Hi,
>      How do you stop a client from using like
>  ---hack.cgi---
>  #!/bin/sh
>  echo "Cat all files in user2 dir"
>  cat /home/web/users/user2/web/*
>  ---hack.cgi---
>  This will allow someone to cat all the files of a user2's dir. Because
>  the files need to be readable by all for the webserver user www to be
>  able to read the files this user will be able to read the files also..
>  Is there any way of making cgi to stay in its own directory and not
>  to go out of it.. or to stop it from running /bin/bash or something like
>  that so it can't view other users files..
>  /Steve

Hi Steve.
Suexec should do what you want..
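
Added example, not part of the original thread: suEXEC runs each user's CGI under a per-user account instead of the shared web server user, so the isolation only holds if file modes stop granting access to "other". The script below audits for that, assuming the `ROOT/<user>/web` layout implied by the path in the question; the function names are hypothetical, and how the server itself keeps read access to static files (for example through group ownership) is left to the site.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout (taken from the path in
# the question): ROOT/<user>/web/... with one local account per site.

# List every path under ROOT/*/web whose mode grants access to "other",
# i.e. to any local account, including a CGI script run as another user.
# Output: "<ls-mode-string> <path>", one per line.
audit_other_access() {
    root=$1
    for webdir in "$root"/*/web; do
        [ -d "$webdir" ] || continue
        # -perm -004: other may read; dirs with -perm -001: other may enter
        find "$webdir" \( -perm -004 -o \( -type d -perm -001 \) \) -print |
        while IFS= read -r path; do
            printf '%s %s\n' "$(ls -ld "$path" | cut -c1-10)" "$path"
        done
    done
}

# Build a small constructed tree: user1 is locked down, user2 is not.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/user1/web" "$t/user2/web"
    : > "$t/user1/web/index.html"; chmod 640 "$t/user1/web/index.html"
    : > "$t/user2/web/index.html"; chmod 644 "$t/user2/web/index.html"
    : > "$t/user2/web/notes.txt";  chmod 640 "$t/user2/web/notes.txt"
    chmod 750 "$t/user1/web"
    chmod 755 "$t/user2/web"
    printf '%s\n' "$t"
}

# Stand-alone run: audit the tree given as $1, or the constructed sample.
if [ $# -gt 0 ]; then
    audit_other_access "$1"
else
    sample=$(make_sample_tree) && audit_other_access "$sample"
    rm -rf "$sample"
fi
```

An empty report means no path under any `web` directory is readable or searchable by unrelated local accounts.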

The official User-To-User support forum of the Apache HTTP Server Project.