On Fri, 25 Jul 1997, Glynn Clements wrote:

> Date: Fri, 25 Jul 1997 14:26:23 +0100
> From: Glynn Clements <[EMAIL PROTECTED]>
> To: Jakob Borg <[EMAIL PROTECTED]>
> Cc: "<debian-user@lists.debian.org>" <[EMAIL PROTECTED]>
> Subject: Re: Apache + CGI
>
>
> Jakob Borg wrote:
>
> > I want to enable the users of my webserver to use certain CGI-scripts
> > (provided by me) by using mod_include.
> > To do that, one would use the tag <!--#exec cgi="/cgi-bin/script" -->,
> > but one could also use the <!--#exec cmd="dangerous.command" -->.
> > That last possibility is what I want to eliminate. One way would be to
> > remove /bin/sh, which is out of the question. Any other suggestions?
>
> Re-write mod_include to provide extra `Options' directives, to
> complement `Includes' and `IncludesNOEXEC', or contact
> [EMAIL PROTECTED] suggesting that the feature be added.

I got the impression that IncludesNOEXEC was the feature I needed and solved
my problem. I (my users) can still use the #include virtual="" to use
"legitimate" CGIs. Is that not so?

> Glynn Clements <[EMAIL PROTECTED]>

==============================================================
* Jakob Borg
  E-mail: [EMAIL PROTECTED]
  Site: http://k2.lund.se/jakob
  Fingerprint: 43 81 BC 4D F6 D3 02 AE 9B 07 61 16 BD 06 0C E0
==============================================================
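
An added example, not part of the original thread: a small Python audit for the setup discussed above. It lists the SSI directives in a user page that `IncludesNOEXEC` refuses (both forms of `#exec`) and flags `Options` lines that still enable exec-capable includes. The sample page, the sample config and the function names are constructed for illustration.

```python
import re

# SSI elements have the form <!--#element attr="value" ... -->
SSI_RE = re.compile(r'<!--#(\w+)\s+(.*?)\s*-->', re.S)
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

def classify_ssi(page):
    """Return (element, attr, value, allowed) for every SSI attribute.
    allowed is False for what IncludesNOEXEC disables: #exec cmd and
    #exec cgi. #include virtual stays allowed (for CGIs, only when the
    target lives in a ScriptAlias'd directory)."""
    found = []
    for m in SSI_RE.finditer(page):
        element = m.group(1).lower()
        for attr, value in ATTR_RE.findall(m.group(2)):
            found.append((element, attr.lower(), value, element != "exec"))
    return found

def exec_capable_options(conf):
    """Return (lineno, line) for Options lines that enable SSI with #exec."""
    hits = []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        words = line.split()
        if line.startswith("#") or not words or words[0].lower() != "options":
            continue
        enabled = {w.lstrip("+").lower() for w in words[1:]
                   if not w.startswith("-")}
        # "Includes" permits #exec; "All" contains it. IncludesNOEXEC does not.
        if enabled & {"includes", "all"}:
            hits.append((n, line))
    return hits

# Constructed sample inputs
SAMPLE_PAGE = '''<html><body>
<!--#include virtual="/cgi-bin/counter.cgi" -->
<!--#exec cgi="/cgi-bin/script" -->
<!--#exec cmd="dangerous.command" -->
</body></html>'''
SAMPLE_CONF = '''<Directory /home/*/public_html>
    Options Indexes Includes
</Directory>
<Directory /var/www>
    Options Indexes IncludesNOEXEC
</Directory>'''

if __name__ == "__main__":
    for element, attr, value, ok in classify_ssi(SAMPLE_PAGE):
        state = "allowed" if ok else "refused"
        print(f'{state:8} #{element} {attr}="{value}"')
    for n, line in exec_capable_options(SAMPLE_CONF):
        print(f"config line {n}: {line}  -> switch to IncludesNOEXEC")
```

Pages flagged as refused need their `#exec cgi` tags rewritten to `#include virtual` before the stricter option is rolled out.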