[3420] in WWW Security List Archive
Re: SSI #exec
daemon@ATHENA.MIT.EDU (Andrei D. Caraman)
Thu Oct 31 07:49:44 1996
Date: Thu, 31 Oct 1996 12:46:46 +0200 (EET)
From: "Andrei D. Caraman" <xax@arkenstone.pub.ro>
To: ben@algroup.co.uk
cc: www-security@ns2.rutgers.edu
In-Reply-To: <9610310939.aa23442@gonzo.ben.algroup.co.uk>
Errors-To: owner-www-security@ns2.rutgers.edu
On Thu, 31 Oct 1996, Ben Laurie wrote:
> > check out
> >
> > http://www.apache.org./docs/core.html#options
> >
> > (ExecCGI is an option, not a directive, as i have previously (mis)stated.)
>
> Yeah. ExecCGI permits execution of CGI scripts. However, IncludesNOEXEC
> prevents _all_ exec commands. I don't see a combination which permits CGI
> but bans other execs.
>
> BTW, ScriptAlias bypasses the ExecCGI mechanism. Not that this helps!
oops, looks like i was wrong. sorry. next time i'll check before
throwing my 2 cents in.
on my server i allow both "exec cgi" and "exec cmd" (all users are
trusted), so i never needed ExecCGI.
regards,
--
Andrei D. Caraman ROEDUNET ---- Bucharest
Webmaster, hostmaster, ftpkeeper, sysadmin & many more
xax@arkenstone.pub.ro http://www.pub.ro/~xax/
- Geek code & PGP key available by WWW -
