ScriptAlias enabled by default... maybe, this is "yes, but" In 2.4.X - as in my packaging I have #LoadModule cgid_module libexec/mod_cgid.so
by default in httpd.conf. I was getting appropriate errors when I tried to access cgi scripts. Also, all "AddHandler" directives (there is one) are commented out. Unsure of what my 2.2.X package has. On Fri, Sep 21, 2012 at 2:13 AM, Gregg Smith <[email protected]> wrote: > On 9/20/2012 4:36 PM, Guenter Knauf wrote: > >> Am 20.09.2012 16:56, schrieb Guenter Knauf: >> >>> Am 20.09.2012 16:16, schrieb Guenter Knauf: >>> >>>> Am 20.09.2012 16:02, schrieb Jeff Trawick: >>>> >>>>> We shouldn't have scripts which, out of the box, leak information >>>>> about the system or configuration. >>>>> >>>> ok, I change the script in a way as printenv has (make shebang >>>> in-active); >>>> >>> done: >>> http://svn.apache.org/viewvc?**rev=1388054&view=rev<http://svn.apache.org/viewvc?rev=1388054&view=rev> >>> >> from trunk/Makefile.win line 1043ff: >> copy docs\cgi-examples\printenv >> "$(INSTDIR)\cgi-bin\printenv.**pl<http://printenv.pl>" >> <.y >> -awk -f <<script.awk "docs/cgi-examples/printenv" > >> "$(INSTDIR)\cgi-bin\printenv.**pl <http://printenv.pl>" >> BEGIN { >> if ( "perl -e \"print $$^X;\"" | getline perlroot ) { >> gsub( /\\/, "/", perlroot ); >> print "#!" perlroot; >> } >> } >> { >> if ( $$0 !~ /^#!/ ) { >> print $$0; >> } >> } >> << >> >> so this is the place where the shebang gets fixed for printenv.pl thus >> making it executable unless perl is not in search path ... >> shouldnt we then remove this part and only copy it unchanged? >> > > These are samples, I think they should be executable. I personally do not > like the fact that ScriptAlias is enabled by default. I think that is as > much a concern. > > Regards, > Gregg >
