Hi Henrik,

This is from my httpd.conf <Directory "/home/hobbit/cgi-secure">
SetEnv PATH /bin:/usr/local/bin:/usr/bin
AllowOverride None
Options ExecCGI Includes
Order allow,deny
Allow from all

This doesn't help. You always could come here and try

Regards Lars Hobbithobbyist

Henrik Stoerner <henrik at hswn.dk> wrote:

I guess around the same place in httpd.conf that you added the hobbi-cgi definitions.

The note I wrote about SetEnv and maint.pl was purely done from the perlsec man-page. Since the problem doesn't show up anywhere I can try Hobbit, it's a bit difficult to dive into.

However changing -wT to -wt in maint.pl works. But probably makes it more unsecure.

It does make it accept "tainted" data. But since the same script runs with -wT in lots of places, it shouldn't be a problem.

Maybe I'll do my own maint.pl replacement someday.

Henrik

To unsubscribe from the hobbit list, send an e-mail to hobbit-unsubscribe at hswn.dk

I'm not young enough to know everything. -Oscar Wilde