Re: Apache + CGI

To: Jakob Borg <jb@k2.lund.se>, debian-user@lists.debian.org
Subject: Re: Apache + CGI
From: Karl Ferguson <karl@tower.net.au>
Date: Thu, 24 Jul 1997 01:16:23 +0800
Message-id: <[🔎] 3.0.1.32.19970724011623.007f16c0@tower.net.au>
In-reply-to: <[🔎] Pine.LNX.3.96.970723113801.17605B-100000@k2.lund.se>

At 11:41 AM 23/07/97 +0001, Jakob Borg wrote:
>I want to enable the users of my webserver to use certain CGI-scripts
>(provided by me) by using mod_include.
>To do that, one would use the tag <!--#exec cgi="/cgi-bin/script" -->,
>but one could also use the <!--"exec cmd="dangerous.command" -->.
>That last possiblity is what I want to eliminate. One way would be to
>remove /bin/sh, which is out of the question. Any other suggestions?

This question is more Apache specific rather than Debian itself, but ...

What you need to do is disable all ExecCGI options in the configuration
except for anything that _you_ install under /usr/lib/cgi-bin .  There
should be heaps of documentation about that at http://www.apache.org and in
the actualy config files itself.

Regards

--
Karl Ferguson
Tower Networking Pty Ltd   Tel: +61 8 9456 0000     karl@tower.net.au
t/a STAR Online Services   Fax: +61 8 9455 2776     karl@debian.org


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Apache + CGI
  - From: Jakob Borg <jb@k2.lund.se>

Prev by Date: Re: Swap Space
Next by Date: Re: PD: VERY BIZARRE Xperience...
Previous by thread: Apache + CGI
Next by thread: Re: Apache + CGI
Index(es):
- Date
- Thread