www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lars Eilebrecht <...@unix-ag.org>
Subject mod_include/840: Bogus error_log entry
Date Tue, 08 Jul 1997 15:10:02 GMT

>Number:         840
>Category:       mod_include
>Synopsis:       Bogus error_log entry
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Jul  8 08:10:02 1997
>Originator:     sfx@unix-ag.org
>Release:        1.2.0
Linux 2.0 i586
If someones uses (by mistake) something like this:

 <!--#exec cmd="/path/to/dir"-->

the following entry appears in the error_log:

"/bin/sh: /path/to/dir: is a directory"

Without a leading date-entry and without a clue what
include the invalid CGI reference contains.

This also happens if the command is not executable (due
to permissions).


Use stat on the supplied command-path and check permisions
before calling /bin/sh

View raw message