summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2023-11-08 03:31:54 +0000
committerLaurent Bercot <ska@appnovation.com>2023-11-08 03:31:54 +0000
commit0cab505405d61922e07096f97159838584d3787d (patch)
treefbec9a665cda492949d5f44b46f7e20e0ef6b483 /doc
parent4eda14316376fb1e657ac2da269533e2422d2399 (diff)
downloadtipidee-0cab505405d61922e07096f97159838584d3787d.tar.xz
Prepare for 0.0.2.0. Add global executable_means_cgi config directive.
Signed-off-by: Laurent Bercot <ska@appnovation.com>
Diffstat (limited to 'doc')
-rw-r--r--doc/index.html2
-rw-r--r--doc/tipidee.conf.html26
-rw-r--r--doc/upgrade.html4
3 files changed, 29 insertions, 3 deletions
diff --git a/doc/index.html b/doc/index.html
index 91ed0de..0341d6b 100644
--- a/doc/index.html
+++ b/doc/index.html
@@ -143,7 +143,7 @@ Don't take my word for it; try it out for yourself. </li>
<ul>
<li> The current released version of tipidee is
-<a href="tipidee-0.0.1.1.tar.gz">0.0.1.1</a>. </li>
+<a href="tipidee-0.0.2.0.tar.gz">0.0.2.0</a>. </li>
<li> You can checkout a copy of the
<a href="//git.skarnet.org/cgi-bin/cgit.cgi/tipidee/">tipidee
git repository</a>:
diff --git a/doc/tipidee.conf.html b/doc/tipidee.conf.html
index 4c0a23f..182c206 100644
--- a/doc/tipidee.conf.html
+++ b/doc/tipidee.conf.html
@@ -276,6 +276,32 @@ output data. And this is "private dirty" memory, i.e. memory that
that setting &mdash; and with the CGI scripts you choose to run. </li>
</ul>
+
+<div id="executable_means_cgi">
+<h4> <tt>executable_means_cgi</tt> </h4>
+</div>
+
+<p>
+ <code> global executable_means_cgi <em>value</em> </code>
+</p>
+
+<ul>
+ <li> <em>value</em> is a non-negative integer. If it is nonzero, then
+all the documents that have an executable bit for "others" will be
+considered CGI scripts by default. </li>
+ <li> This is useful when your CGI scripts are scattered among your
+documents and you cannot gather them under a hierarchy like <tt>/cgi-bin/</tt>. </li>
+ <li> On the other hand, it should only be used by administrators who keep a
+tight control on their documents. It is dangerous to activate this option
+with dynamically managed content, because there could be files created with
+the wrong permissions and improperly identified as CGI scripts, resulting in
+failures or even security holes. </li>
+ <li> The classification of a given executable file as a CGI script
+can be overridden by a local <tt>noncgi</tt> directive, see below. Such
+a directive can protect dynamically managed content that is restricted
+to a given hierarchy. </li>
+</ul>
+
<div id="index-file">
<h3> The <tt>index-file</tt> directive </h3>
</div>
diff --git a/doc/upgrade.html b/doc/upgrade.html
index b00298a..1683855 100644
--- a/doc/upgrade.html
+++ b/doc/upgrade.html
@@ -18,10 +18,10 @@
<h1> What has changed in tipidee </h1>
-<h2> in.0.0.1.1 </h2>
+<h2> in.0.0.2.0 </h2>
<ul>
- <li> No functional changes. </li>
+ <li> New <tt>global executable_means_cgi</tt> configuration directive. </li>
</ul>
<h2> in 0.0.1.0 </h2>