You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Lars Eilebrecht <sf...@unix-ag.org> on 1997/07/08 17:10:02 UTC
mod_include/840: Bogus error_log entry
>Number: 840
>Category: mod_include
>Synopsis: Bogus error_log entry
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Tue Jul 8 08:10:02 1997
>Originator: sfx@unix-ag.org
>Organization:
apache
>Release: 1.2.0
>Environment:
Linux 2.0 i586
>Description:
If someones uses (by mistake) something like this:
<!--#exec cmd="/path/to/dir"-->
the following entry appears in the error_log:
"/bin/sh: /path/to/dir: is a directory"
Without a leading date-entry and without a clue what
include the invalid CGI reference contains.
This also happens if the command is not executable (due
to permissions).
>How-To-Repeat:
>Fix:
Use stat on the supplied command-path and check permisions
before calling /bin/sh
>Audit-Trail:
>Unformatted: