Hi Henrik,
This is from my httpd.conf
<Directory "/home/hobbit/cgi-secure"> SetEnv PATH /bin:/usr/local/bin:/usr/bin AllowOverride None Options ExecCGI Includes Order allow,deny Allow from all This doesn't help. You always could come here and try Regards
Lars
Hobbithobbyist
Henrik Stoerner <user-ce4a2c883f75@xymon.invalid> wrote:
I guess around the same place in httpd.conf that you added the
hobbi-cgi definitions.
The note I wrote about SetEnv and maint.pl was purely done from the
perlsec man-page. Since the problem doesn't show up anywhere I can try
Hobbit, it's a bit difficult to dive into.
However changing -wT to -wt in maint.pl works. But probably makes it
more unsecure.
It does make it accept "tainted" data. But since the same script runs
with -wT in lots of places, it shouldn't be a problem.
Maybe I'll do my own maint.pl replacement someday.
Henrik
I'm not young enough to know everything.
-Oscar Wilde