exec() may not be safe

Forum Moderators: phranque

Message Too Old, No Replies

exec() may not be safe

any hints?

phoenix_fly

3:35 am on Jul 31, 2005 (gmt 0)

Hello my friends,

Everytime I run cgi scripts these lines are appended to the error log:

[Sun Jul 31 00:23:53 2005] [warn] exec() may not be safe
[Sun Jul 31 00:23:53 2005] [warn] exec() may not be safe
[Sun Jul 31 00:23:53 2005] [warn] exec() may not be safe
[Sun Jul 31 00:23:53 2005] [warn] exec() may not be safe

Four lines per cgi executed.

By the way, the cgi executes fine. At least the Hi.cgi untill now.

Any ideas? I´m running Apache 1.3.33 on a Win98 box.

Thanks a lot

phoenix_fly

jdMorgan

5:45 am on Jul 31, 2005 (gmt 0)

From the Apache mod_include documentation:

The include virtual element should be used in preference to exec cgi.

exec cgi is considered unsafe because parameters are passed directly from the HTTP request headers to the script or shell command; This might lead to arbitrary command execution on your server through the use of cleverly-crafted query strings; See this somewhat-related recent thread [webmasterworld.com].

Jim