[oclug]setting two cgi-bin directories under apache
Brad Barnett
bb at L8R.net
Thu Jan 30 10:02:38 EST 2003
On Thu, 30 Jan 2003 09:52:26 -0500
"Strosberg, Bill" <bstrosberg at rcpsc.edu> wrote:
> > From: Maximo Ramos [mailto:maximo at violadores.org]
> > Sent: Thursday, January 30, 2003 9:28 AM
> > To: oclug at lists.oclug.on.ca
> > Subject: [oclug]setting two cgi-bin directories under apache
> >
> >
> > Hi
> >
> > I just gave up searching in the web for this ...
> >
> > I would like to define two cgi-bin directories, like:
> >
> > /usr/local/apache/cgi-bin/
> > /home/*/cgi-bin/
>
> Maximo:
>
> If you allow FollowSymLinks in the user cgi-bin directory, you could
> create symbolic links to the entries in the system /cgi-bin/ directory.
>
> i.e.
>
> ln -s /var/www/cgi-bin/* /home/maximo/cgi-bin
>
> You should be aware that cgi-bin programs are executables running with
> the priviledges of the web server user. Using "standard" script
> resources like formmail from Matt's script archive etc. create huge
> security holes, and may turn you into an unknowing spammer. Generally,
Current versions of this script are reported to be fine. There are quite
a few checks now in place to prevent something like this. The current
issue with this script revolves around people that do not upgrade when bug
fixed versions are issued.
I've heard that there are literally tens of thousands of people running
old, buggy versions of this script still :(
> avoid giving users scripting capabilities unless absolutely necessary,
> then vet the code yourself, as it's your webserver all the spam
> blacklist lookups will resolve to!
>
More information about the OCLUG
mailing list