[mapserver-dev] [gdal-dev] New env. var. to make it easier to test/debug web services

Daniel Morissette dmorissette at mapgears.com
Thu Oct 2 13:34:52 PDT 2014

On 14-10-02 4:25 PM, Even Rouault wrote:
> I didn't change this. They are currently enabled conditionaly. I'm not sure
> why. Perhaps for security reasons, since they imply reading a file (-t),
> overriding the temporary directory (-tmpbase), creating a file (MS_ERRORFILE) ?
>      /* Keep only "-v", "-nh" and "QUERY_STRING=..." enabled by default.
>       * The others will require an explicit -DMS_ENABLE_CGI_CL_DEBUG_ARGS
>       * at compile time.
>       */

Yes, that was for security reasons. I forget the exact details, but that 
was done when we discovered that one of the command-line args could 
potentially be remotely exploited via CGI:


Daniel Morissette
T: +1 418-696-5056 #201
Provider of Professional MapServer Support since 2000

More information about the mapserver-dev mailing list