> Why do you need both of these? > > /var/sh-www/cgi-bin/viewlogs > /var/sh-www/cgi-bin/viewlogs-www -> viewlogs
Take a look at the code... The script includes code to prevent 'directory walking' attacks, so something like: http://myfirewall.com/cgi-bin/viewlogs?../../etc/passwd will fail. The symlink is used to change the basename of the program, which is then used to select the root directory to provide files from. There are many other ways this could be done, but this is the one I picked. One reason was to avoid parsing a parameter provided by the user, which is always a bit dangerous and tricky in shell-script (just look at how many buffer based attacks there are for 'real' programs!). Charles Steinkuehler http://lrp.steinkuehler.net http://c0wz.steinkuehler.net (lrp.c0wz.com mirror) _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
