Posted to dev@httpd.apache.org by Rodent of Unusual Size <co...@decus.org> on 1997/05/27 21:56:17 UTC

Re: Weak documentation on Module mod_include (fwd)

From the fingers of Rob Hartill flowed the following:
>
>This looks worrying. Anyone set up to do a quick test of this?

    Bear in mind that he's talking 1.1.  As I recall, there have been
    quite a few changes in this area for 1.2..  My systems aren't back
    yet, so I can't test this - and I don't think I have a 1.1 server
    running anyway.

>Date: Tue, 27 May 1997 21:02:47 +0200
>From: Peder Langlo <pe...@hpbbse.bbn.hp.com>
>
>In http://www.apache.org/docs/mod/mod_include.html:
>
>exec
>     The exec command executes a given shell command or CGI script. The
>     IncludesNOEXEC Option disables this command completely. The valid
>     attributes are:
>.
>.
>.
>     cmd
>         The server will execute the given string using /bin/sh. The
>         include variables are available to the command.
>
>--
>I can make cmd be executed in the document directory by saying "./cmd"
>but not "cmd". Also, it will not be run in /bin/sh if cmd has the
>"#!path-to-shell" in the first line.

    If he means that this works even if IncludesNoExec is set for the
    directory in question, yes it looks like a problem.  If he means
    that he needs to put "./" in front of the command, it looks like a
    simple invalid assumption (his) about the setting of PATH.

    /bin/sh will hand a script off appropriately according to the magic
    cookie.  It's still being started under /bin/sh's auspices, so
    that's not inaccurate.

    #ken    :-/}
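
The PATH and "#!" behaviour discussed in the message above can be checked outside the server. This is an added example, not part of the original thread and not Apache code; the script name ssi_demo_cmd, the PATH values and the choice of /bin/cat as interpreter are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo (not Apache code): run a command string through /bin/sh -c,
# the way the quoted documentation says exec cmd does, and observe how a bare
# name versus "./name" resolves and which program runs a "#!" script.

demo_dir=$(mktemp -d)            # stands in for the document directory
trap 'rm -rf "$demo_dir"' EXIT

# Hypothetical script. Its interpreter is /bin/cat, so when the "#!" line is
# honoured the output is the script's own text, which /bin/sh would never
# print if it were interpreting the file itself.
printf '%s\n' '#!/bin/cat' 'constructed marker line' > "$demo_dir/ssi_demo_cmd"
chmod +x "$demo_dir/ssi_demo_cmd"

# run_via_sh PATH_VALUE COMMAND_STRING
# Runs COMMAND_STRING with /bin/sh -c from inside the demo directory.
run_via_sh() {
    ( cd "$demo_dir" && PATH=$1 /bin/sh -c "$2" 2>/dev/null )
}

# report LABEL PATH_VALUE COMMAND_STRING
# Prints the exit status and the first line of output for one case.
report() {
    status=0
    out=$(run_via_sh "$2" "$3") || status=$?
    first_line=$(printf '%s\n' "$out" | sed -n 1p)
    printf '%-28s status=%s first_line=%s\n' "$1" "$status" "$first_line"
}

# Bare name with no "." in PATH: the shell cannot find it (status 127).
report 'bare name, no "." in PATH' '/usr/bin:/bin' 'ssi_demo_cmd'
# Explicit "./": found relative to the current directory, run by /bin/cat.
report '"./" prefix' '/usr/bin:/bin' './ssi_demo_cmd'
# Bare name again, but PATH now contains ".": found.
report 'bare name, "." in PATH' '.:/usr/bin:/bin' 'ssi_demo_cmd'
```
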

Re: Weak documentation on Module mod_include (fwd)

Posted by Rob Hartill <ro...@imdb.com>.
On Tue, 27 May 1997, Rodent of Unusual Size wrote:

> From the fingers of Rob Hartill flowed the following:
> >
> >This looks worrying. Anyone set up to do a quick test of this?
> 
>     Bear in mind that he's talking 1.1.

ack. I missed that.

Serves him right then.


--
Rob Hartill                              Internet Movie Database (Ltd)
http://www.moviedatabase.com/   .. a site for sore eyes.