>Number:         2783
>Category:       mod_include
>Synopsis:       #exec directive non-functional, other directives fine
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Aug 4 21:10:00 PDT 1998
>Last-Modified:
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        Apache/1.3.1
>Environment:
FreeBSD stumpy.dannyland.org 3.0-CURRENT FreeBSD 3.0-CURRENT #14: Tue Aug 4 20:21:08 CDT 1998 [EMAIL PROTECTED]:/newhome/src/sys/compile/STUMPY i386
clean build from FreeBSD ports collection.
>Description:
I've seen other PRs bearing on this topic. I've exhausted the config files, and can find nothing ... so out of desperation I checked bug database and was reassured by my company.

To wit, it appears that #exec cmd= is discarded. (See example ...)
>How-To-Repeat:
http://stumpy.dannyland.org/~dannyman/journal/1998/07/29.html - rests beyond a dynamic connection, don't hold your breath

Example text;

<link rev="made" href="mailto:[EMAIL PROTECTED]">
</head><body text="#000000" link="#3333ff" vlink="#990000" bgcolor="<!--#exec cmd=".bin/randcolor" -->">
<!--#exec cmd="/bin/date" -->
<h1 align=center>29 July, 1998</h1>
<hr width="50%">

Renders to the browser as;

<link rev="made" href="mailto:[EMAIL PROTECTED]">
</head><body text="#000000" link="#3333ff" vlink="#990000" bgcolor="">
<h1 align=center>29 July, 1998</h1>
<hr width="50%">

Just because I've heard of an occasional bug in FreeBSD sh, I tried;

stumpy 22:56 ~> echo "/bin/date" | /bin/sh
Tue Aug 4 23:04:03 CDT 1998

Later on down the page, the following parses great;

<address>This document last modified <!--#echo var="LAST_MODIFIED"-->
<<a href="mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</a>>
</address>

Oh, I'm using XBitHack full along with the Options Include and the conventional .shtml handler stuff ...
>Fix:
I can find no IncludesNOEXEC or whatever it is anywhere, but my uneducated hunch would maybe investigate some Options configuration loophole.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ignored ]
[unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]
