Re: Apache + CGI
-----BEGIN PGP SIGNED MESSAGE-----
On Fri, 25 Jul 1997, Glynn Clements wrote:
> Date: Fri, 25 Jul 1997 14:26:23 +0100
> From: Glynn Clements <glynn@sensei.co.uk>
> To: Jakob Borg <jb@k2.lund.se>
> Cc: "<debian-user@lists.debian.org>" <owner-linux-net@vger.rutgers.edu>
> Subject: Re: Apache + CGI
>
>
> Jakob Borg wrote:
>
> > I want to enable the users of my webserver to use certain CGI-scripts
> > (provided by me) by using mod_include.
> > To do that, one would use the tag <!--#exec cgi="/cgi-bin/script" -->,
> > but one could also use the <!--"exec cmd="dangerous.command" -->.
> > That last possiblity is what I want to eliminate. One way would be to
> > remove /bin/sh, which is out of the question. Any other suggestions?
>
> Re-write mod_include to provide extra `Options' directives, to
> complement `Includes' and `IncludesNOEXEC', or contact
> apache-bugs@apache.org suggesting that the feature be added.
I got the impression that IncludesNOEXEC was the feature I needed and
solved my problem. I (my users) can still use the #include virtual="" to
user "legitimate" CGIs. Is that not so?
> Glynn Clements <glynn@sensei.co.uk>
==============================================================
* Jakob Borg
E-mail: jakob@k2.lund.se
Site: http://k2.lund.se/jakob
Fingerprint: 43 81 BC 4D F6 D3 02 AE 9B 07 61 16 BD 06 0C E0
==============================================================
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850
iQCVAwUBM9i1F7qO9bSbxuVpAQG14wP+LZLMfkDfc/vT+2APMqKpcCoKa8ZIuMsR
u0Yc7PlVm0owjDhkTIGRdZdmyC6jKlZg67lqox9LylEmNtDbW6p6YLTheAkKPWuA
IERGBeccAP5qWO33mkH5p81/1Uon9pl1mCIYfTMqciwqaJXsXZbBk4i/+XzFDR+/
ktGOX6C0fVw=
=WS3h
-----END PGP SIGNATURE-----
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: