Skip site navigation (1)Skip section navigation (2)
Date:      Thu,  8 Aug 2002 13:51:33 -0400 (EDT)
From:      Josh Elsasser <>
Subject:   ports/41454: [MAINTAINER-UPDATE] www/cgiwrap: disable debug scripts by default
Message-ID:  <>

Next in thread | Raw E-Mail | Index | Archive | Help

>Number:         41454
>Category:       ports
>Synopsis:       [MAINTAINER-UPDATE] www/cgiwrap: disable debug scripts by default
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 08 11:00:03 PDT 2002
>Originator:     Josh Elsasser
>Release:        FreeBSD 4.6-STABLE i386
System: FreeBSD jade.nat 4.6-STABLE FreeBSD 4.6-STABLE #1: Wed Aug 7 23:07:11 EDT 2002 joshe@jade.nat:/usr/obj/usr/src/sys/JADE i386

The debug scripts cgiwrapd and nph-cgiwrapd give away much information
about the CGI environment.


Installs cgiwrapd/nph-cgiwrapd as a separate binary and removes suid
and execute permissions.  A note is added to pkg-message explaining
how to enable cgiwrapd/nph-cgiwrapd.

This fix was suggested by Neil Darlow <>.

--- Makefile.orig	Mon Aug  5 13:28:44 2002
+++ Makefile	Thu Aug  8 13:01:42 2002
@@ -51,7 +51,11 @@
-	strip ${MAINCGIDIR}/cgiwrap
+	${STRIP_CMD} ${MAINCGIDIR}/cgiwrap
+	${RM} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+	${CP} ${MAINCGIDIR}/cgiwrap ${MAINCGIDIR}/cgiwrapd
+	${LN} ${MAINCGIDIR}/cgiwrapd ${MAINCGIDIR}/nph-cgiwrapd
+	${CHMOD} 644 ${MAINCGIDIR}/cgiwrapd
 .if !defined(NOPORTDOCS)
 .for file in accesscontrol.html afs.html changes.html comments.html \

--- pkg-message.orig	Mon Aug  5 13:28:44 2002
+++ pkg-message	Thu Aug  8 13:12:04 2002
@@ -9,6 +9,10 @@
 ...the default location for Apache's cgi-bin directory.
+The cgiwrapd and nph-cgiwrapd scripts are disabled by default, as they
+may give away sensitive information about the CGI environment.  To
+enable them, you must chmod 4755 ${PREFIX}/www/cgi-bin/cgiwrapd
 Access control enabled, you must create either
 ${PREFIX}/etc/cgiwrap.allow or ${PREFIX}/etc/cgiwrap.deny before
 cgiwrap will function.

To Unsubscribe: send mail to
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <>