At 11:41 AM 23/07/97 +0001, Jakob Borg wrote: >I want to enable the users of my webserver to use certain CGI-scripts >(provided by me) by using mod_include. >To do that, one would use the tag <!--#exec cgi="/cgi-bin/script" -->, >but one could also use the <!--"exec cmd="dangerous.command" -->. >That last possiblity is what I want to eliminate. One way would be to >remove /bin/sh, which is out of the question. Any other suggestions?
This question is more Apache specific rather than Debian itself, but ... What you need to do is disable all ExecCGI options in the configuration except for anything that _you_ install under /usr/lib/cgi-bin . There should be heaps of documentation about that at http://www.apache.org and in the actualy config files itself. Regards -- Karl Ferguson Tower Networking Pty Ltd Tel: +61 8 9456 0000 [EMAIL PROTECTED] t/a STAR Online Services Fax: +61 8 9455 2776 [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
