Date: 10 May 2002 01:00:42 +0100 From: Paul Richards <paul@freebsd-services.com> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/www/apache13 Makefile Message-ID: <1020988842.45396.7.camel@lobster.originative.co.uk> In-Reply-To: <20020509192940.GA6915@nagual.pp.ru> References: <200205090212.g492CF336407@freefall.freebsd.org> <1020956755.76738.59.camel@lobster.originative.co.uk> <20020509192940.GA6915@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2002-05-09 at 20:29, Andrey A. Chernov wrote: > On Thu, May 09, 2002 at 16:05:55 +0100, Paul Richards wrote: > > On Thu, 2002-05-09 at 04:12, Andrey A. Chernov wrote: > > > ache 2002/05/08 19:12:15 PDT > > > > > > Modified files: > > > www/apache13 Makefile > > > Log: > > > chmod a+x cgi-bin.default example scripts > > > > They are deliberately not executable when installed for security > > reasons. They are just examples only. > > There is no sense to keep non-working examples, it only confuse peoples. > There is no security issues with this two scripts. Are you going to audit them for all future releases? They also expose information about the server. The key point though, is that the Apache project deliberately doesn't install these so they can't possibly cause any problems. What benefit is there to having these toy CGI examples actually work other than in creating a potential security risk ? -- Paul Richards | FreeBSD DVD releases and merchandise. FreeBSD Services Ltd | Hardware, support and development. http://www.freebsd-services.com | Domain names and mail/web hosting. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1020988842.45396.7.camel>