On Monday 29 August 2005 21:12, [EMAIL PROTECTED] wrote: > Author: wrowe > Date: Mon Aug 29 13:12:43 2005 > New Revision: 264623 > > URL: http://svn.apache.org/viewcvs?rev=264623&view=rev > Log: > > Correct mod_cgid's argv[0] so that the full path can be delved by the > invoked cgi application, to conform to the behavior of mod_cgi.
I see your comment on bugzilla about bringing it into line with mod_cgi. But isn't this the wrong way round? CGI gets its system info from the CGI environment variables, and exposing the full path in argv[0] smells of a possible security issue if paths above DocumentRoot are out of bounds. -- Nick Kew
