19 Sep
1999
19 Sep
'99
15:37
While we're on the security list, cgi-bin is non-empty. I remember that by some default on some distribution it contained a file with serious security problems?!?
yep. its 'testcgi' a shell script in the main cgi-bin dir. 'chmod 000' or delete/move it. if the httpd runs as non-root this is no big deal but if one _have_ to run httpd as root (for what reasons ever) this is a serious problem. cu stefan