On Wed, Mar 09, 2005 at 07:21:19AM +0100, lars ebeling wrote:
But my question is: Where do I find documentation about available graphs?
There isn't any, really. hobbitgraph.cfg has the definitions so you can see which ones exist by looking there, but you're right - it would be nice to have a brief description of each somewhere.
I also read about "Unsecure path...." from Perl. We also had some mails about this SetEnv. I never got it to work. Don't know where to put SetEnv.
I guess around the same place in httpd.conf that you added the hobbi-cgi definitions.
The note I wrote about SetEnv and maint.pl was purely done from the perlsec man-page. Since the problem doesn't show up anywhere I can try Hobbit, it's a bit difficult to dive into.
However changing -wT to -wt in maint.pl works. But probably makes it more unsecure.
It does make it accept "tainted" data. But since the same script runs with -wT in lots of places, it shouldn't be a problem.
Maybe I'll do my own maint.pl replacement someday.
Henrik