> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Fri, 11 Jun 1999, Arjan van de Ven wrote:
>
> >
> > kHTTPd adds rule 4:
> >
> > 4. If the file is executable or non-world-readable
>
> This is a good idea, but do you really want to punt just becouse someone
> goofed on the permissions of the file? This could cause
> hard-to-diagnose changes in behavior if there are any bugs ot
> inconsistancy between the khttpd and userspace httpd
There are two possible inconsistancies:
1) kHTTPd thinks it is executable and the userspace daemon does not.
No problem, since kHTTPd passes the request to userspace daemon and
let it take care of it.
2) kHTTPd doesn't think it is executable (and serves the file) and the
userspace daemon disagrees.
This really shouldn't happen; ANY well designed webserver only executes
files marked "executable".
> , and from a security
> point of view, the worst that would happen is that your cgi would be
> downloaded rather then executed (messy, but is it really that much of a
> security risk?)
Yes it is. Not a lot of people want to share their site-internals.
Greetings,
Arjan van de Ven
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/