push @tmp_array, " Order allow,deny\n";
push @tmp_array, " Allow from all\n";
push @tmp_array, "</Directory>\n";
- push @tmp_array, "<Directory \"$grpdir_prefix$unix_group_name/cgi-bin\">\n";
- push @tmp_array, " AllowOverride AuthConfig FileInfo\n";
- push @tmp_array, " Options ExecCGI\n";
- push @tmp_array, " Order allow,deny\n";
- push @tmp_array, " Allow from all\n";
- push @tmp_array, "</Directory>\n";
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+# push @tmp_array, "<Directory \"$grpdir_prefix$unix_group_name/cgi-bin\">\n";
+# push @tmp_array, " AllowOverride AuthConfig FileInfo\n";
+# push @tmp_array, " Options ExecCGI\n";
+# push @tmp_array, " Order allow,deny\n";
+# push @tmp_array, " Allow from all\n";
+# push @tmp_array, "</Directory>\n";
push @tmp_array, "<VirtualHost 192.168.4.52>\n";
push @tmp_array, " DocumentRoot \"$grpdir_prefix$unix_group_name/htdocs/\"\n";
push @tmp_array, " CustomLog $grpdir_prefix$unix_group_name/log/combined_log combined\n";
- push @tmp_array, " ScriptAlias /cgi-bin/ \"$grpdir_prefix$unix_group_name/cgi-bin/\"\n";
+# push @tmp_array, " ScriptAlias /cgi-bin/ \"$grpdir_prefix$unix_group_name/cgi-bin/\"\n";
push @tmp_array, " Servername $http_domain\n";
push @tmp_array, "</VirtualHost>\n";
}
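Review bot: The comment added above the disabled `<Directory …/cgi-bin>` block says "Only enable it if you know what you are doing" but never states what makes re-enabling safe. I would name the condition, for example `# disabled for CVE-2014-6275: project CGI scripts run as the shared Apache user; re-enable only when they run under a separate account`. The commented-out `ScriptAlias` line further down in the same `<VirtualHost>` output has no comment at all, so a reader who meets it alone gets no pointer to the CVE. The enclosing sub starts above the hunk, so I cannot tell whether an existing configuration switch could gate these lines instead of leaving them as dead code.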
ServerName gforge.company.com
ServerAlias *.gforge.company.com
VirtualDocumentRoot /home/groups/%1/htdocs
- VirtualScriptAlias /home/groups/%1/cgi-bin
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+# VirtualScriptAlias /home/groups/%1/cgi-bin
<Directory /home/groups>
Options Indexes FollowSymlinks
SudoEffectiveUser($dummy_user, sub {
mkdir $log_dir, $default_perms ;
- mkdir $cgi_dir, $default_perms ;
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+# mkdir $cgi_dir, $default_perms ;
mkdir $ht_dir, $default_perms ;
mkdir $inc_dir, $default_perms ;
system("cp $default_page $ht_dir/index.php");
# perl is sometime fucked to create with right permission
chmod $default_perms, $group_dir;
chmod $default_perms, $log_dir;
- chmod $default_perms, $cgi_dir;
+# chmod $default_perms, $cgi_dir;
chmod $default_perms, $ht_dir;
chmod $incdir_perms, $inc_dir;
chmod 0664, "$ht_dir/index.php";
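Review bot: Every new project still gets a PHP script in htdocs, because the `cp $default_page $ht_dir/index.php` line just below the disabled `mkdir $cgi_dir` is unchanged. If PHP in project vhosts runs as the same Apache user, the concern in the new comment applies to it as well, and nothing visible here addresses that (it may be handled elsewhere). The commented-out `chmod $default_perms, $cgi_dir;` in this hunk and in the following `SudoEffectiveUser` hunk has no CVE reference; I would add `# disabled for CVE-2014-6275, see mkdir above` so the lines are not restored by mistake. The comment could also say that cgi-bin directories of existing projects stay on disk, since nothing visible here removes them. The enclosing block starts and ends outside the hunk.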
SudoEffectiveUser($dummy_user, sub {
chmod $default_perms, $group_dir;
chmod $default_perms, $log_dir;
- chmod $default_perms, $cgi_dir;
+# chmod $default_perms, $cgi_dir;
chmod $default_perms, $ht_dir;
chmod $incdir_perms, $inc_dir;
});
# Project home pages are in a virtual /www/<group> location
AliasMatch ^/www/([^/]*)/(.*) /var/lib/gforge/chroot/home/groups/$1/htdocs/$2
-ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) /var/lib/gforge/chroot/home/groups/$1/cgi-bin/$2
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+#ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) /var/lib/gforge/chroot/home/groups/$1/cgi-bin/$2
<Directory /var/lib/gforge/chroot/home/groups>
Options Indexes FollowSymlinks
AllowOverride All
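Review bot: `AllowOverride All` on the `<Directory …/home/groups>` block right after the disabled `ScriptAliasMatch` still lets a project's .htaccess change `Options` and handler settings. Commenting out the alias therefore does not, on its own, stop project content from being executed as the Apache user. Consider narrowing it, for example `AllowOverride AuthConfig Indexes Limit`, unless project pages are known to need more. The same `AllowOverride All` line follows the disabled alias in the second `/var/lib/gforge/chroot` hunk and in the `/var/local/lib/gforge/chroot` hunk. The `<Directory>` block continues past the end of this hunk, so later lines may already restrict this.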
UseCanonicalName Off
VirtualDocumentRoot /var/lib/gforge/chroot/home/groups/%1/htdocs
-VirtualScriptAlias /var/lib/gforge/chroot/home/groups/%1/cgi-bin
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+#VirtualScriptAlias /var/lib/gforge/chroot/home/groups/%1/cgi-bin
SetEnvIf Host "(.*)\.{core/web_host}" AWSTATS_FORCE_CONFIG=group-$1
# Project home pages are in a virtual /www/<group> location
AliasMatch ^/www/([^/]*)/(.*) /var/lib/gforge/chroot/home/groups/$1/htdocs/$2
-ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) /var/lib/gforge/chroot/home/groups/$1/cgi-bin/$2
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+#ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) /var/lib/gforge/chroot/home/groups/$1/cgi-bin/$2
<Directory /var/lib/gforge/chroot/home/groups>
Options Indexes FollowSymlinks
AllowOverride All
UseCanonicalName Off
VirtualDocumentRoot /var/lib/gforge/chroot/home/groups/%1/htdocs
-VirtualScriptAlias /var/lib/gforge/chroot/home/groups/%1/cgi-bin
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+#VirtualScriptAlias /var/lib/gforge/chroot/home/groups/%1/cgi-bin
SetEnvIf Host "(.*)\.{core/web_host}" AWSTATS_FORCE_CONFIG=group-$1
# Project home pages are in a virtual /www/<group> location
AliasMatch ^/www/([^/]*)/(.*) /var/local/lib/gforge/chroot/home/groups/$1/htdocs/$2
-ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) /var/local/lib/gforge/chroot/home/groups/$1/cgi-bin/$2
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+#ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) /var/local/lib/gforge/chroot/home/groups/$1/cgi-bin/$2
<Directory /var/local/lib/gforge/chroot/home/groups>
Options Indexes FollowSymlinks
AllowOverride All
UseCanonicalName Off
VirtualDocumentRoot /var/local/lib/gforge/chroot/home/groups/%1/htdocs
-VirtualScriptAlias /var/local/lib/gforge/chroot/home/groups/%1/cgi-bin
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+#VirtualScriptAlias /var/local/lib/gforge/chroot/home/groups/%1/cgi-bin
SetEnvIf Host "(.*)\.{core/web_host}" AWSTATS_FORCE_CONFIG=group-$1
# Project home pages are in a virtual /www/<group> location
AliasMatch ^/www/([^/]*)/(.*) {core/groupdir_prefix}/$1/htdocs/$2
+# disabled for CVE-2014-6275
# Only enable it if you know what you are doing, by default all scripts run as Apache
#ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) {core/groupdir_prefix}/$1/cgi-bin/$2
<Directory {core/groupdir_prefix}>
UseCanonicalName Off
VirtualDocumentRoot {core/groupdir_prefix}/%1/htdocs
+# disabled for CVE-2014-6275
# Only enable it if you know what you are doing, by default all scripts run as Apache
#VirtualScriptAlias {core/groupdir_prefix}/%1/cgi-bin
# FusionForge without the DNS delegation
# Project home pages are in a virtual /www/<group> location
# AliasMatch ^/www/([^/]*)/(.*) /home/groups/$1/htdocs/$2
- # ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) /home/groups/$1/cgi-bin/$2
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+ # #ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) /home/groups/$1/cgi-bin/$2
# <Directory /home/groups>
# Options Indexes FollowSymlinks
# AllowOverride All
ServerName gforge.company.com
ServerAlias *.gforge.company.com
VirtualDocumentRoot /home/groups/%1/htdocs
- VirtualScriptAlias /home/groups/%1/cgi-bin
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+ #VirtualScriptAlias /home/groups/%1/cgi-bin
DirectoryIndex index.html index.php
php_admin_value default_charset "UTF-8"
php_admin_value include_path "/path/to/gforge/etc/custom:/etc/gforge:/opt/gforge:/opt/gforge/www/include:."
# FusionForge without the DNS delegation
# Project home pages are in a virtual /www/<group> location
# AliasMatch ^/www/([^/]*)/(.*) {gforge_chroot}{groupdir}/$1/htdocs/$2
- # ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) {gforge_chroot}{groupdir}/$1/cgi-bin/$2
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+ # #ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) {gforge_chroot}{groupdir}/$1/cgi-bin/$2
# <Directory {gforge_chroot}{groupdir}>
# Options Indexes FollowSymlinks
# AllowOverride All
# FusionForge without the DNS delegation
# Project home pages are in a virtual /www/<group> location
# AliasMatch ^/www/([^/]*)/(.*) {gforge_chroot}{groupdir}/$1/htdocs/$2
- # ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) {gforge_chroot}{groupdir}/$1/cgi-bin/$2
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+ # #ScriptAliasMatch ^/([^/]*)/cgi-bin/(.*) {gforge_chroot}{groupdir}/$1/cgi-bin/$2
# <Directory {gforge_chroot}{groupdir}>
# Options Indexes FollowSymlinks
# AllowOverride All
ServerName {domain_name}
ServerAlias *.{domain_name}
VirtualDocumentRoot {gforge_chroot}{groupdir}/%1/htdocs
- VirtualScriptAlias {gforge_chroot}{groupdir}/%1/cgi-bin
+# disabled for CVE-2014-6275
+# Only enable it if you know what you are doing, by default all scripts run as Apache
+ #VirtualScriptAlias {gforge_chroot}{groupdir}/%1/cgi-bin
DirectoryIndex index.html index.php
php_admin_value default_charset "UTF-8"
php_admin_value include_path "{sys_custom_path}:/etc/gforge:{usr_share_gforge}:{usr_share_gforge}/www:{usr_share_gforge}/www/include:{usr_share_gforge}/plugins:/usr/share/php:."