From owner-freebsd-bugs Fri Aug 3 10:10: 8 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 949D237B409 for ; Fri, 3 Aug 2001 10:10:00 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f73HA0O44000; Fri, 3 Aug 2001 10:10:00 -0700 (PDT) (envelope-from gnats) Received: from relay3-gui.server.ntli.net (relay3-gui.server.ntli.net [194.168.4.200]) by hub.freebsd.org (Postfix) with ESMTP id 095F437B405 for ; Fri, 3 Aug 2001 10:01:13 -0700 (PDT) (envelope-from setantae@submonkey.net) Received: from m258-mp1-cvx1b.bri.ntl.com ([62.255.9.2] helo=rhadamanth.hounds) by relay3-gui.server.ntli.net with esmtp (Exim 3.03 #2) id 15Si4i-00048j-00 for FreeBSD-gnats-submit@freebsd.org; Fri, 03 Aug 2001 17:45:25 +0100 Received: from setantae by rhadamanth.hounds with local (Exim 3.22 #1) id 15SiLE-0000JO-00 for FreeBSD-gnats-submit@freebsd.org; Fri, 03 Aug 2001 18:02:28 +0100 Message-Id: Date: Fri, 03 Aug 2001 18:02:28 +0100 From: setantae Reply-To: setantae To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: misc/29414: http://www.uk.freebsd.org/cgi lets anyone view the cgi programs Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 29414 >Category: misc >Synopsis: http://www.uk.freebsd.org/cgi lets anyone view the cgi programs >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Fri Aug 03 10:10:00 PDT 2001 >Closed-Date: >Last-Modified: >Originator: setantae >Release: FreeBSD 4.4-PRERELEASE i386 >Organization: >Environment: System: FreeBSD rhadamanth.hounds 4.4-PRERELEASE FreeBSD 4.4-PRERELEASE #4: Fri Aug 3 12:49:51 BST 2001 root@rhadamanth.hounds:/usr/obj/usr/src/sys/RHADAMANTH i386 >Description: www.uk.freebsd.org has the incorrect config regarding the /cgi directory. Visiting http://www.uk.freebsd.org/cgi gives a directory index, and choosing any of the files therein shows you the source code instead of the output of their execution. Other mirrors do not allow directory indexing on that part of the site. In addition, www3.uk.freebsd.org allows you to view the source of any script in /cgi if you already know it's name. All other mirrors I have tried also allow this, though none other than www.uk.freebsd.org allow directory indexing. >How-To-Repeat: Visit http://www.uk.freebsd.org/cgi in a browser. >Fix: i) Change the way that mirroring works so that all mirrors redirect to www.freebsd.org/cgi for these ? ii) Produce guidelines regarding httpd configuration for mirror sites ? >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message