Re: Apache + CGI
At 11:41 AM 23/07/97 +0001, Jakob Borg wrote:
>I want to enable the users of my webserver to use certain CGI-scripts
>(provided by me) by using mod_include.
>To do that, one would use the tag <!--#exec cgi="/cgi-bin/script" -->,
>but one could also use the <!--"exec cmd="dangerous.command" -->.
>That last possiblity is what I want to eliminate. One way would be to
>remove /bin/sh, which is out of the question. Any other suggestions?
This question is more Apache specific rather than Debian itself, but ...
What you need to do is disable all ExecCGI options in the configuration
except for anything that _you_ install under /usr/lib/cgi-bin . There
should be heaps of documentation about that at http://www.apache.org and in
the actualy config files itself.
Tower Networking Pty Ltd Tel: +61 8 9456 0000 email@example.com
t/a STAR Online Services Fax: +61 8 9455 2776 firstname.lastname@example.org
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .