Re: Apache + CGI

To: Jakob Borg <jb@k2.lund.se>
Cc: debian-user@lists.debian.org
Subject: Re: Apache + CGI
From: Glynn Clements <glynn@sensei.co.uk>
Date: Sat, 26 Jul 1997 05:29:05 +0100
Message-id: <[🔎] 199707260429.FAA00741@cerise.sensei.co.uk>
In-reply-to: <[🔎] Pine.LNX.3.96.970725141317.7479A-100000@k2.lund.se>
References: <199707251326.OAA02097@cerise.sensei.co.uk> <[🔎] Pine.LNX.3.96.970725141317.7479A-100000@k2.lund.se>

Jakob Borg wrote:

> I got the impression that IncludesNOEXEC was the feature I needed and
> solved my problem. I (my users) can still use the #include virtual="" to
> user "legitimate" CGIs. Is that not so?

The mod_include documentation says this:

   include
          This command inserts the text of another document or file into
          the parsed file. Any included file is subject to the usual  
          access control. If the directory containing the parsed file has
          the Option IncludesNOEXEC set, and the including the document 
          would cause a program to be executed, then it will not be
          included; this prevents the execution of CGI scripts. Otherwise
          CGI scripts are invoked as normal using the complete URL given
          in the command, including any query string.                   

This gives me the impression that you can't disable `exec' without
disabling `include=<CGI script>'.

Try it and see.

-- 
Glynn Clements <glynn@sensei.co.uk>


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: Apache + CGI
  - From: Jakob Borg <jb@k2.lund.se>

Prev by Date: Re: "From:" Field in Mutt and (Ex)mh
Next by Date: Re: Bugs in 1.3.1 Debian packages
Previous by thread: Re: Apache + CGI
Next by thread: taper/can't type
Index(es):
- Date
- Thread