[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [hobbit] Graphs and maint.pl

To: hobbit (at) hswn.dk
Subject: Re: [hobbit] Graphs and maint.pl
From: lars ebeling <dhd733 (at) yahoo.se>
Date: Thu, 10 Mar 2005 09:15:58 +0100 (CET)

Hi Henrik,

This is from my httpd.conf
<Directory "/home/hobbit/cgi-secure">         
    SetEnv PATH /bin:/usr/local/bin:/usr/bin  
    AllowOverride None                        
    Options ExecCGI Includes                  
    Order allow,deny                          
    Allow from all                 

This doesn't help. You always could come here and try 

Regards
Lars
Hobbithobbyist           

Henrik Stoerner <henrik (at) hswn.dk> wrote:

I guess around the same place in httpd.conf that you added the
hobbi-cgi definitions.

The note I wrote about SetEnv and maint.pl was purely done from the
perlsec man-page. Since the problem doesn't show up anywhere I can try
Hobbit, it's a bit difficult to dive into.

> However changing -wT to -wt in maint.pl works. But probably makes it
> more unsecure.

It does make it accept "tainted" data. But since the same script runs
with -wT in lots of places, it shouldn't be a problem.

Maybe I'll do my own maint.pl replacement someday.

Henrik

To unsubscribe from the hobbit list, send an e-mail to
hobbit-unsubscribe (at) hswn.dk

I'm not young enough to know everything.
-Oscar Wilde

Prev by Date: Re: [hobbit] Graphs and maint.pl
Next by Date: Re: [hobbit] Graphs and maint.pl
Previous by thread: Re: [hobbit] bb-test
Next by thread: Re: [hobbit] Graphs and maint.pl
Index(es):
- Date
- Thread