[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache + CGI

At 11:41 AM 23/07/97 +0001, Jakob Borg wrote:
>I want to enable the users of my webserver to use certain CGI-scripts
>(provided by me) by using mod_include.
>To do that, one would use the tag <!--#exec cgi="/cgi-bin/script" -->,
>but one could also use the <!--"exec cmd="dangerous.command" -->.
>That last possiblity is what I want to eliminate. One way would be to
>remove /bin/sh, which is out of the question. Any other suggestions?

This question is more Apache specific rather than Debian itself, but ...

What you need to do is disable all ExecCGI options in the configuration
except for anything that _you_ install under /usr/lib/cgi-bin .  There
should be heaps of documentation about that at http://www.apache.org and in
the actualy config files itself.


Karl Ferguson
Tower Networking Pty Ltd   Tel: +61 8 9456 0000     karl@tower.net.au
t/a STAR Online Services   Fax: +61 8 9455 2776     karl@debian.org

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: