Date: Tue, 20 Aug 1996 13:34:53 -0700 (PDT) From: Ulf Zimmermann <ulf@Lamb.net> To: freebsd-isp@FreeBSD.ORG Subject: Re: Weird Apache problem Message-ID: <199608202034.NAA22995@Gatekeeper.Lamb.net> In-Reply-To: <Pine.BSF.3.91.960820143220.9410B-100000@www.trifecta.com> from Dev Chanchani at "Aug 20, 96 02:33:55 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Hi. Speaking of weird problems. I was falling about a problem and I am not sure if I am too stupid :) or there is a bug. If it is a bug, I would put it into security bug bucket. I have the following access.conf: <snip> # This should be changed to whatever you set DocumentRoot to. <Directory /usr/local/www/data> Options Indexes IncludesNOEXEC FollowSymLinks <Limit GET> order allow,deny allow from all </Limit> </Directory> <snip> As this shows I set IncludesNOEXEC, which should allow me to do Server Side Includes, but no CGI-BIN or external programs. Now I have here this webpage: <html> <head> <title>Ulf's empty homepage</title> </head> <body> I have no time to make something up here, but I would like to give you some links to memory specs:) <p> ..... [Stuff deleted] <hr> <!--#config timefmt="Updated %B %e, %Y at %H:%M (%Z)" --> <!--#exec cgi="/cgi-bin/pagecount" --><br> <!--#echo var="LAST_MODIFIED" --><br> <hr> <pre><!--#exec cmd="ls -als /tmp" --></pre><br> </body> </html> ------ As you see I have 1 CGI, 1 external program and 1 ECHO. If I know access this via http://server/ulf/index.html, the server executes the ECHO and don't allow the CGI and external program. It gives a message like "An error occured while executing this directive" But now, if I access this page via http://server/~ulf/index.html it executes everything regardless of "Option IncludeNOEXEC". Has anyone seens this too? Open for everything. And yes you can call me stupid, if it is in the manual, but I couldn't find anything. I looked into the source code and I think it might be a bug. Ulf. :) --------------------------------------------------------------------- Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204 Lamb Art Internet Services || http://www.Lamb.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608202034.NAA22995>