Re: [cgiwrap-users] (no subject)
Brought to you by:
nneul
Menu
▾
▴
Re: [cgiwrap-users] (no subject)
|
From: Steven H. <st...@ha...> - 2001-12-09 18:44:29
|
On 09/12/2001 22:50, Bryan Ross wrote: >Hi Steven, > >I had a look at your patch, and it does appear to offer a solution to my >problems. A few questions however; > >1/ I've changed my config from rewrite rules over to >use VirtualDocumentRoot. Everything seems to be working okay, apart from >when I run scripts, the 'DOCUMENT_ROOT' environment variable seems to >default to /usr/htdocs. Very strange, seem as though the webserver must be >working out the correct root to run the script in the first place. I >assume this will cause problems with your patch. Any ideas? yes this is normal apache behaviour. i have another patch to apache for this. please take a look at http://steven.haryan.to/apache/ (the proper_docroot patch). >2/ Will your patch work with the latest version of cgiwrap, or do you have >an alternative patch available? i haven't updated my patch. the newer cgiwrap fixes cross-site scripting issue, but since my cgiwrap installations are not vulnerable, i've left them as they are. >3/ More a cgiwrap general question. Does using cgiwrap effect CGI >communication such as get/post method, multipart forms, etc. should not be a problem. with a wrapper, the webserver first invokes the wrapper binary and later if all security checks are ok, the wrapper binary will exec() to the cgi script. so all filehandles are handed over. >If I get your patch up and running, it looks like the only thing I will >need to change is the small check that you do to make sure that the >specified UID appears in the password file. isn't this already covered in the getpwuid() check? >Kind Regards, > >Bryan. -- sh |
