Posted to dev@httpd.apache.org by Wilfredo Sanchez <ws...@apple.com> on 1998/06/22 08:01:04 UTC

[PATCH] unimportant cgi-bin tweakage

  The following are patches to the cgi-bin directory in the Apache 1.3.0 source tree.  There are two significant changes:

 - I added a first line #!/usr/bin/false to the cgi scripts which are installed,
   since they provide information about the system which a user may not want to
   disclose and the CGI-bin directory may be configured as enabled during
   install.  A comment tells the user to delete the first line in order to
   enable the script.  You don't want these enabled on a production server,
   or a personal machine unless you explicitly need them.

 - Fancier printenv script; displays environment in a simple table, in case
   you're interested in such things.

	-Fred
	 Rhapsody Core Operating Systems Group
	 wsanchez@apple.com, 408.974-5174
	 2 Infinite Loop 302-4K, Cupertino, CA 95014


Index: CoreOS/Services/apache/apache/cgi-bin/printenv
diff -u CoreOS/Services/apache/apache/cgi-bin/printenv:1.1.1.1 CoreOS/Services/apache/apache/cgi-bin/printenv:1.2
--- CoreOS/Services/apache/apache/cgi-bin/printenv:1.1.1.1	Thu Aug 14 11:08:15 1997
+++ CoreOS/Services/apache/apache/cgi-bin/printenv	Sun Jun 21 19:28:30 1998
@@ -1,7 +1,83 @@
-#!/usr/local/bin/perl
+#!/usr/bin/false
+#!/usr/bin/perl -T

-print "Content-type: text/html\n\n";
-while (($key, $val) = each %ENV) {
-	print "$key = $val<BR>\n";
-}
+# Remove '#!/usr/bin/false ' from the above in order to enable
+# this script. It will not work as installed. Do not enable on
+# a production server; we make no claims that this is a secure
+# script.

+##
+# Show CGI Process Environment
+# Wilfredo Sanchez | wsanchez@apple.com
+# Apple Computer, Inc.
+# Wed Oct 15 13:55:32 PDT 1997
+##
+# This perl program shows you how to access the process environment
+#  for CGI programs on your web server.
+# It is also a useful debugging tool, as it shows you all of the
+#  available environment variables.
+##
+
+# CGI programs must print their own HTTP response headers
+print "Content-type: text/html\n";
+print "\n";
+
+# Declare the SGML application as HTML 3.2
+print "<!doctype html public \"-//W3C/DTD HTML 3.2/EN\">\n";
+
+# Begin HTML
+print "<html>\n";
+
+# A minimal document must include a header region with a title
+print "<head>\n";
+print "<link rev=\"made\" href=\"mailto:wsanchez\@apple.com\">"; # Author
+print "<title>CGI Test</title>\n";
+print "</head>\n";
+print "\n";
+
+# Start document body
+print "<body>\n";
+print "\n";
+
+# Put values in a table to readability
+print "<table border>\n";
+print "\n";
+
+# Caption the able
+print " <caption>CGI Environment</caption>\n";
+print "\n";
+
+# Include table headers
+print " <tr>\n";
+print "  <th align=\"right\">\n";
+print "   Variable\n";
+print "  </th>\n";
+print "  <th>\n";
+print "   Value\n";
+print "  </th>\n";
+print " </tr>\n";
+
+# Print each key/value pair as two column in a row
+foreach $key (keys %ENV)
+ {
+  print "\n";
+  print " <tr>\n";
+  print "  <td align=\"right\">\n";
+  print "   $key\n";
+  print "  </td>\n";
+  print "  <td>\n";
+  print "   $ENV{$key}\n";
+  print "  </td>\n";
+  print " </tr>\n";
+ }
+print "\n";
+
+# End table
+print "</table>\n";
+print "\n";
+
+# End document body
+print "</body>\n";
+
+# End HTML
+print "</html>\n";
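Review bot: the foreach loop at the end of this hunk prints `$key` and `$ENV{$key}` into the table cells without HTML-escaping them, and several CGI variables (QUERY_STRING, PATH_INFO, the HTTP_* request headers) carry text supplied by the client, so a request can place markup in the generated page. The `-T` on the interpreter line does not help here, because taint checks do not apply to print. Suggest replacing `&`, `<`, `>` and `"` with their entities in both strings before printing. Smaller points: the enabling comment says to remove '#!/usr/bin/false ' "from the above", but that text is a whole line of its own, so "delete the first line" would be clearer; the comments "Put values in a table to readability" and "Caption the able" have typos; and the doctype string is not the registered HTML 3.2 public identifier, which is "-//W3C//DTD HTML 3.2 Final//EN".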
Index: CoreOS/Services/apache/apache/cgi-bin/test-cgi
diff -u CoreOS/Services/apache/apache/cgi-bin/test-cgi:1.1.1.1 CoreOS/Services/apache/apache/cgi-bin/test-cgi:1.2
--- CoreOS/Services/apache/apache/cgi-bin/test-cgi:1.1.1.1	Thu Aug 14 11:08:15 1997
+++ CoreOS/Services/apache/apache/cgi-bin/test-cgi	Sun Jun 21 22:27:48 1998
@@ -1,3 +1,4 @@
+#!/usr/bin/false
 #!/bin/sh

 # disable filename globbing
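Review bot: the `#!/usr/bin/false` line added at the top of test-cgi comes with no comment, unlike the printenv change, so an administrator who finds the script failing has nothing in the file telling them that the first line is a deliberate guard or how to enable it. Suggest adding the same notice directly under `#!/bin/sh`. The guard also hard-codes /usr/bin/false, so it is worth confirming that path on every platform the tree is built for, since the failure seen by the server differs when the interpreter is missing.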

Re: [PATCH] unimportant cgi-bin tweakage

Posted by Brian Behlendorf <br...@hyperreal.org>.
At 11:01 PM 6/21/98 -0700, Wilfredo Sanchez wrote:
>  The following are patches to the cgi-bin directory in the Apache 1.3.0
> source tree.  There are two significant changes:
>
> - I added a first line #!/usr/bin/false to the cgi scripts which are
>   installed, since they provide information about the system which a user
>   may not want to disclose and the CGI-bin directory may be configured as
>   enabled during install.  A comment tells the user to delete the first line
>   in order to enable the script.  You don't want these enabled on a
>   production server, or a personal machine unless you explicitly need them.

Actually, we provide those scripts with the execute bit turned off, based
on the same premise.  That should be sufficient, no?  Or does Rhapsody
execute them anyways?

	Brian


--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
pure chewing satisfaction                                  brian@apache.org
                                                        brian@hyperreal.org
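
The thread contrasts two ways of shipping the sample CGI scripts disabled: a `#!/usr/bin/false` first line and a cleared execute bit. The following added example (not part of the original posts or of the Apache tree) reports which guard, if any, protects each file in a cgi-bin directory; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how each script in a cgi-bin directory is guarded.
# All function names are hypothetical; the sample files are constructed.

# True if any execute bit (owner, group or other) is set in the file mode.
has_exec_bit() { ls -ld "$1" | cut -c1-10 | grep -q '[xst]'; }

# cgi_state FILE: print enabled, disabled-shebang, disabled-noexec
# or disabled-both, depending on which of the two guards is present.
cgi_state() {
    first=
    IFS= read -r first < "$1" || true   # first line; tolerate missing newline
    case $first in
        '#!'*/false | '#!'*/false' '*) guard=shebang ;;
        *) guard= ;;
    esac
    if has_exec_bit "$1"; then
        if [ -n "$guard" ]; then echo disabled-shebang; else echo enabled; fi
    else
        if [ -n "$guard" ]; then echo disabled-both; else echo disabled-noexec; fi
    fi
}

# audit_cgi_dir DIR: one "STATE<TAB>NAME" line per regular file in DIR.
audit_cgi_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(cgi_state "$f")" "${f##*/}"
    done
}

# Constructed sample directory: one script per guard, plus one live script.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '#!/usr/bin/false\n#!/bin/sh\necho ok\n' > "$d/test-cgi"
    printf '#!/usr/bin/perl\nprint 1;\n' > "$d/printenv"
    printf '#!/bin/sh\necho ok\n' > "$d/live.cgi"
    chmod 755 "$d/test-cgi" "$d/live.cgi"
    chmod 644 "$d/printenv"
    echo "$d"
}

sample=$(make_sample_dir) && audit_cgi_dir "$sample" && rm -rf "$sample"
```

Any line reported as `enabled` is a script that neither guard covers and that the server will run if the directory is configured for CGI.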