Re: WWW Form Bug Report: "arbitrary cgi access???" on Irix

[Rob Hartill <ro...@imdb.com>]

Hmmm, that doesn't sounds good does it.

I'll pass the information on to the developers list for investigation.

thanks,
rob

david@magnet.com wrote:
>
>Submitter: david@magnet.com
>Operating system: Irix, version: 
>Version of Apache Used: 1.1.1
>Extra Modules used: referer_log_module agent_log_module status_module info_module anon_auth_module cookies_module
>URL exhibiting problem: http://www.irc.umbc.edu/~joanna/test.cgi
>
>Symptoms:
>--
>I ran into a nasty little surprise this evening.
>By default, any user which creates a ".cgi" file
>or program in their areas can generate full CGI
>programs.  This is w/o having the 
>
>	#AddHandler cgi-script .cgi
>
>script uncommented in the srm.conf.  The only
>way to stop this is to remove the .cgi mapping in
>the mime-types file.
>
>Since I still want to be able to do .cgi in 
>some directories, this is inconvenient.  Anyways,
>it also seems that any user can define their
>own .htaccess file and override these settings
>anyways, regardless of the AllowOverride options.
>
>Please help!
>--
>
>Backtrace:
>--
>
>--


-- 
Rob Hartill (robh@imdb.com)    
http://www.imdb.com/  ... why wait for a clear night to see the stars?.