Re: [expert] apache 1.3.6 and .cgi scripts not in cgi-bin

Stephen Carville Fri, 23 Jul 1999 10:29:15 -0700
On Thu, 22 Jul 1999, you wrote:
-If you haven't changed your httpd.conf, it should be on line 403. Change
-it to: 
-Options Indexes Includes FollowSymLinks ExecCGI

This will work but I disagree with it being the "right" solution.  It
is better to leave the default to the most restrictive settings
reasonable and open them up on a case by case basis.

-RedHat's configuration is pretty insecure by default and I have seen many
-sites get hacked. On Mandrake, I made sure it was easy enough for
-beginners, while secure.
-
-By the way, don't **ever** put a cgi chmoded 777! It's world writable and
-executable, and anyone with knowledge can take control of your cgis if you
-do that. Please, chmod it to 755.

Very good advice.  I "hacked" one of my employers's databases (it's
part of my job :-)  using just this technique.

-Jean-Michel
[EMAIL PROTECTED]
-
-On Thu, 22 Jul 1999, Axalon wrote:
-
-> Date: Thu, 22 Jul 1999 18:33:01 -0600 (MDT)
-> From: Axalon <[EMAIL PROTECTED]>
-> Reply-To: [EMAIL PROTECTED]
-> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
-> Subject: Re: [expert] apache 1.3.6 and .cgi scripts not in cgi-bin
-> 
-> 
-> Make sure you have a "Options ExecCGI" in the section covering the
-> directory in question.
-> 
-> 
-> On Thu, 22 Jul 1999, Duncan Hall wrote:
-> 
-> > I've uncommented the line in httpd.conf
-> > 
-> > # To use CGI scripts:
-> > AddHandler cgi-script .cgi
-> > 
-> > I'm using apache-1.3.6-50mdk
-> > 
-> > When I try to run a script that is not in the cgi-bin I get the following Error
-> > 
-> > 403
-> > 
-> > Forbidden
-> > 
-> > You don't have permission to access /Weekly/CHARTS/index.cgi on this server.
-> > 
-> > To test it I have chmod 777 but still no luck.
-> > 
-> > Before I get flamed about perl scripts not in cgi-bin, this script is on a secure 
intranet.
-> > 
-> > It worked perfectly on redhat 5.2 with apache 1.3.2
-> > 
-> > Any thoughts
-> > 
-> > Dunc
-> > 
-> > --
-> > //----------------------------------------------------------------
-> > Duncan Hall
-> > SysAdmin/WebMaster
-> > Viator Systems [ http://www.viator.com ]
-> > ... e-commerce systems for the travel industry
-> > tel: +61 2 9361 6137 fax: +61 2 9360 9885
-> > -----------------------------------------------------------------//
-> > 
-> > 
-> > 
->
--
Stephen Carville
--
Operating complicated machinery whilst possessed of the 
cognitive powers of a sea slug and the disposition
of a polar bear with a toothache is very unwise
Re: [expert] apache 1.3.6 and .cgi scripts not in cgi-bin

Reply via email to
