
classification
Title: http.server.CGIHTTPRequestHandler doesn't check if a Python script is executable
Type:
Stage: resolved
Components: Library (Lib)
Versions: Python 3.2, Python 3.3, Python 2.7
process
Status: closed
Resolution: fixed
Dependencies:
Superseder:
Assigned To:
Nosy List: orsenthil, python-dev, vstinner
Priority: normal
Keywords: patch

Created on 2011-06-08 23:47 by vstinner, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name: cgi.patch (uploaded by vstinner, 2011-06-09 00:42)
Messages (4)
msg137930 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2011-06-08 23:47
CGIHTTPRequestHandler.run_cgi() only checks if the script processing the request is executable if the file is not a Python script, but later it uses os.execve(scriptfile, ...) if os has a fork() function.

Moreover, the executable() function checks if os.stat(path).st_mode & 0o111 != 0: this test is wrong if st_mode & 0o111 != 0o111. For example, if the script has mode 0700 and is not owned by the current user, executable() returns True, whereas it should be False. os.access(filename, os.X_OK) should be used instead.

I found these issues while trying to understand the following failure on "FreeBSD 7.2 x86 3.x" buildbot:

[320/356/2] test_httpservers
Traceback (most recent call last):
  File "/usr/home/db3l/buildarea/3.x.bolen-freebsd7/build/Lib/http/server.py", line 1123, in run_cgi
OSError: [Errno 13] Permission denied
(...)

I don't understand how it happens because test_httpservers uses os.chmod(script, 0o777).
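
The difference between the mode-bit test and a per-class permission check, as an added example (not code from cgi.patch or from CPython). It assumes a POSIX system; `legacy_executable` reproduces the check as the report describes it, `posix_executable` is a simplified model of POSIX class selection (no ACLs or capabilities), and all uid/gid values are constructed.

```python
import os
import stat
import tempfile

def legacy_executable(mode):
    """The check described in the report: true if any of the three x bits is set."""
    return mode & 0o111 != 0

def posix_executable(mode, file_uid, file_gid, uid, gids):
    """Simplified model of POSIX permission-class selection (assumption: no ACLs).

    Exactly one class applies to the caller: owner, else group, else other.
    """
    if uid == 0:                       # root may execute if any x bit is set
        return mode & 0o111 != 0
    if uid == file_uid:
        return bool(mode & stat.S_IXUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

def live_check():
    """Create a file we own with mode 0o011 and run both tests on it.

    Returns (legacy result, os.access result). As owner we fall in the owner
    class, which has no x bit, so a non-root caller is denied execution even
    though the legacy test passes.
    """
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, 0o011)
        return legacy_executable(os.stat(path).st_mode), os.access(path, os.X_OK)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    # Constructed case from the report: mode 0700, owner uid 1000, caller uid 1001.
    print("legacy:", legacy_executable(0o700))
    print("model: ", posix_executable(0o700, 1000, 1000, 1001, {1001}))
    print("live (legacy, os.access):", live_check())
```

os.access() evaluates the real uid and gid, so in a setuid process its answer can differ from what os.execve() will actually permit.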
msg137934 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2011-06-09 00:42
cgi.patch: fix the test checking that the script file is executable.

The patch removes the executable() function. This function is not documented but is public. The patch can be easily modified to keep this function if needed.
msg138731 - (view) Author: Senthil Kumaran (orsenthil) * (Python committer) Date: 2011-06-20 15:27
Both the changes suggested in the patch are fine. I think it is okay to remove the executable function. It is undocumented as it is, and I have not seen any standalone use of it. A note in NEWS can help.
msg138734 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2011-06-20 15:47
New changeset ecef74419d55 by Victor Stinner in branch 'default':
Close #12289: Fix "is executable?" test in the CGI server
http://hg.python.org/cpython/rev/ecef74419d55
History
Date, User, Action, Args
2022-04-11 14:57:18, admin, set, github: 56498
2011-06-20 15:47:00, python-dev, set, status: open -> closed; nosy: + python-dev; messages: + msg138734; resolution: fixed; stage: resolved
2011-06-20 15:27:19, orsenthil, set, nosy: + orsenthil; messages: + msg138731
2011-06-09 00:42:39, vstinner, set, files: + cgi.patch; keywords: + patch; messages: + msg137934
2011-06-08 23:47:27, vstinner, create