[pkg-lighttpd] Bug#499334: Bug#499334: lighttpd: CGI scripts only work for remoteip "127.0.0.1"

Pierre Habouzit madcoder at debian.org
Sun Oct 5 16:17:47 UTC 2008


On Sun, Oct 05, 2008 at 04:08:36PM +0000, Rodrigo Campos wrote:
> On Sun, Oct 5, 2008 at 5:35 AM, Pierre Habouzit <madcoder at debian.org> wrote:
> > On Sat, Oct 04, 2008 at 02:33:08AM +0000, Rodrigo Campos wrote:
> >> Package: lighttpd
> >> Version: 1.4.19-5
> >> Followup-For: Bug #499334
> >>
> >> The fix allows CGI execution only from localhost. If you enabled cgi module you
> >> probably don't want it to work only from localhost.
> >>
> >> The Apache package also enables it for "anybody"
> >
> > which is a rather bad idea for many CGI scripts. Plus it's a snippet
> > example that is meant to be modified.
> 
> Why is it a bad idea?
> 
> If you want to activate the cgi module, probably you want to activate
> it so everybody can just see your gitweb/whatever. Why would you want
> to activate it only for localhost? Isn't this a very particular
> case?

Because every package with a cgi will drop a cgi in there, and you may
not want them to be _all_ enabled this way.

> Also, if that is an example to be modified, it is kind of disturbing to
> modify that file. If you modify it locally, and a new package changed
> it, you will have to "merge" it on your own and that stuff. It's not
> very nice to modify that file :)
> 
> If that is the "default", I think it should be comfortable for "the
> majority", not just for particular usage cases.
> 
> And if it's just "to copy"/"know how to do that" perhaps in the
> README.Debian or some of those documentation files would be more
> appropriate ?

Well, patches are always welcome. FWIW it's obvious to me that files
that are not active by default and are dropped in the Debian package in
/etc/lighttpd/conf-available are examples meant to be modified to suit
your personal needs.

-- 
·O·  Pierre Habouzit
··O                                                madcoder at debian.org
OOO                                                http://www.madism.org
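
An added example, not part of the original message or of the Debian package: a small shell audit for the concern raised above that every package with a CGI drops it into the same directory. It lists each executable file in a CGI directory with the package that owns it, so you can see what would become reachable before widening the remoteip restriction. The function names are hypothetical, and the directory is an argument; that Debian packages conventionally install CGI programs under /usr/lib/cgi-bin is an assumption not stated in the thread.

```shell
#!/bin/sh
# Added example: enumerate the CGI programs a directory would expose.
# audit_cgi and count_cgi are hypothetical helper names, not lighttpd or Debian tools.

# audit_cgi DIR: print "<file><TAB><owning package>" for every executable
# regular file directly inside DIR. Files dpkg does not know are "unowned".
audit_cgi() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "audit_cgi: not a directory: $dir" >&2
        return 2
    fi
    for f in "$dir"/*; do
        # Only executable regular files can be run as CGI programs.
        if [ ! -f "$f" ] || [ ! -x "$f" ]; then
            continue
        fi
        pkg=unowned
        if command -v dpkg >/dev/null 2>&1; then
            # dpkg -S prints "package: /path"; keep the package part only.
            owner=$(dpkg -S "$f" 2>/dev/null | head -n 1 | cut -d: -f1)
            if [ -n "$owner" ]; then
                pkg=$owner
            fi
        fi
        printf '%s\t%s\n' "$f" "$pkg"
    done
}

# count_cgi DIR: number of programs audit_cgi reports for DIR.
count_cgi() {
    audit_cgi "$1" | wc -l | tr -d ' '
}
```

Anything in the output that you did not mean to publish is a reason to keep the localhost-only condition and open up individual scripts instead.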