cgiwrap-users Mailing List for CGIWrap (Page 30)
Brought to you by:
nneul
You can subscribe to this list here.
2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(21) |
Sep
(23) |
Oct
(4) |
Nov
(15) |
Dec
(25) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2001 |
Jan
(5) |
Feb
(19) |
Mar
(19) |
Apr
(13) |
May
(12) |
Jun
(23) |
Jul
(6) |
Aug
(16) |
Sep
(6) |
Oct
(31) |
Nov
(23) |
Dec
(28) |
2002 |
Jan
(4) |
Feb
(9) |
Mar
(6) |
Apr
(23) |
May
(29) |
Jun
(16) |
Jul
(10) |
Aug
(41) |
Sep
(16) |
Oct
(8) |
Nov
(7) |
Dec
(7) |
2003 |
Jan
(13) |
Feb
(30) |
Mar
(6) |
Apr
(12) |
May
(23) |
Jun
(12) |
Jul
(11) |
Aug
(20) |
Sep
|
Oct
|
Nov
(10) |
Dec
(8) |
2004 |
Jan
(1) |
Feb
(11) |
Mar
(3) |
Apr
(10) |
May
(6) |
Jun
|
Jul
(3) |
Aug
(4) |
Sep
(3) |
Oct
(9) |
Nov
(2) |
Dec
|
2005 |
Jan
(7) |
Feb
|
Mar
(7) |
Apr
(1) |
May
(3) |
Jun
(2) |
Jul
(8) |
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
(2) |
2006 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
(1) |
Sep
(2) |
Oct
(2) |
Nov
|
Dec
|
2007 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
(12) |
Jun
(1) |
Jul
(1) |
Aug
|
Sep
(1) |
Oct
|
Nov
(14) |
Dec
|
2008 |
Jan
(5) |
Feb
(10) |
Mar
|
Apr
(12) |
May
(5) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(6) |
Dec
|
2009 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
2010 |
Jan
|
Feb
|
Mar
(1) |
Apr
(4) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
|
Dec
|
2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(2) |
Jun
|
Jul
|
Aug
(5) |
Sep
|
Oct
|
Nov
|
Dec
|
2013 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(2) |
Sep
|
Oct
|
Nov
|
Dec
(4) |
From: Michael D. S. <mds...@me...> - 2000-12-03 02:26:49
|
I am having problems with CGI.pm on a webserver. path_info() and path_translated() do *not* ``Return[s] additional path information ...'' separate from the calling CGI ?!?! uname -a Linux dante.tera-byte.com 2.2.14C11 #2 Wed Jun 28 00:55:51 PDT 2000 i586 unknown perl -v ... This is perl, version 5.005_03 built for i386-linux ... perl -MCGI -e 'print "CGI.pm version $CGI::VERSION\n";' CGI.pm version 2.56 Calling this: http://www.myweb.com/tmp/test.cgi/tmp/pictures Results in this output: _x_/home/sites/site99/web/tmp/test.cgi_x_ _x_/tmp/test.cgi/tmp/pictures_x_ For this cgi: #!/usr/bin/perl -w use CGI qw/:standard/; print header, start_html; print '_x_', path_translated(), '_x_', "\n"; print p; print '_x_', path_info(), '_x_', "\n"; print end_html; exit 0; As you know, both path_info and path_translated should point to the additional path info: /tmp/pictures; rather than the calling CGI. Here is my CGI environment: DOCUMENT_ROOT=/home/sites/site99/web GATEWAY_INTERFACE=CGI/1.1 HTTP_ACCEPT=image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* HTTP_ACCEPT_CHARSET=iso-8859-1,*,utf-8 HTTP_ACCEPT_ENCODING=gzip HTTP_ACCEPT_LANGUAGE=en HTTP_HOST=www.myweb.org HTTP_USER_AGENT=Mozilla/3.01Gold (Macintosh; I; 68K) PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin PATH_INFO=/tmp/env.pl PATH_TRANSLATED=/home/sites/site99/web/tmp/env.pl QUERY_STRING= REDIRECT_SCRIPT_URI=http://www.myweb.org/tmp/env.pl REDIRECT_SCRIPT_URL=/tmp/env.pl REDIRECT_STATUS=200 REDIRECT_UNIQUE_ID=OimYQ9jqoToAACRkK0k REDIRECT_URL=/tmp/env.pl REMOTE_ADDR=24.29.198.208 REMOTE_PORT=62647 REQUEST_METHOD=GET REQUEST_URI=/tmp/env.pl SCRIPT_FILENAME=/usr/cgiwrap/cgiwrap SCRIPT_NAME=/tmp/env.pl SCRIPT_URI=http://www.myweb.org/tmp/env.pl SCRIPT_URL=/tmp/env.pl SERVER_ADDR=216.234.189.108 SERVER_ADMIN=site99 SERVER_NAME=www.myweb.org SERVER_PORT=80 SERVER_PROTOCOL=HTTP/1.0 SERVER_SIGNATURE= SERVER_SOFTWARE=Apache/1.3.12 Cobalt (Unix) mod_ssl/2.6.4 OpenSSL/0.9.5a PHP/4.0.1pl2 mod_auth_pam/1.0a FrontPage/4.0.4.3 mod_perl/1.24 UNIQUE_ID=OimYQ9jqoToAACRkK0k What am I doing wrong??? -- Best Regards, mds mds resource 888.250.3987 "Dare to fix things before they break . . . " "Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . . " |
From: Paul T. <pa...@cu...> - 2000-12-01 05:20:51
|
On Thu, 30 Nov 2000 web...@du... wrote: > Two thoughts: > > Upgrade to the latest version -- there have been php-related > modifications recently. Ya, I think time has come. > Does cgiwrap work with non-php (perl, shell, etc) cgi's? Yes, my current cgiwrap works fine with other cgi's. Thanks, --Paul T. -- Douglas Adams: "There is a theory which states that if ever anybody discovers exactly what the Universe is for and why it is here, it will instantly disappear and be replaced by something even more bizarre and inexplicable. There is another theory which states that this has already happened." |
From: <web...@du...> - 2000-12-01 04:54:48
|
> > > Hi, > > I have compiled a PHP binary for my Linux/Apache webserver. I also > have a cgiwrap-3.5 (I know I should upgrade, sorry) I have installed the > PHP binary at: > > /usr/local/bin/php > > and put php pages in cgi-bin with: > > #!/usr/local/bin/php > Two thoughts: Upgrade to the latest version -- there have been php-related modifications recently. Does cgiwrap work with non-php (perl, shell, etc) cgi's? -mike > > > Thanks! > > --Paul T. > > -- > Douglas Adams: "There is a theory which states that if ever anybody > discovers exactly what the Universe is for and why it is here, it will > instantly disappear and be replaced by something even more bizarre and > inexplicable. There is another theory which states that this has already > happened." > > > _______________________________________________ > cgiwrap-users mailing list > cgi...@li... > http://lists.sourceforge.net/mailman/listinfo/cgiwrap-users > -- Mike Glover web...@du... Duluoz Networks http://www.duluoz.net |
From: Paul T. <pa...@cu...> - 2000-12-01 04:02:28
|
Hi, I have compiled a PHP binary for my Linux/Apache webserver. I also have a cgiwrap-3.5 (I know I should upgrade, sorry) I have installed the PHP binary at: /usr/local/bin/php and put php pages in cgi-bin with: #!/usr/local/bin/php as the first line of the php pages. This works fine without cgiwrap if I invoke the a php page as such: http://www.server.com/cgi-bin/test.php But, if I enable cgiwrap and try: http://www.server.com/cgi-bin/cgiwrap/paul/test.php I get these errors: Warning: Unexpected character in input: ' in /usr/local/etc/httpd/cgi-bin/cgiwrap on line 1 Warning: Unexpected character in input: ' (ASCII=8) state=1 in /usr/local/etc/httpd/cgi-bin/cgiwrap on line 1 Warning: Unexpected character in input: ' in /usr/local/etc/httpd/cgi-bin/cgiwrap on line 1 Warning: Unexpected character in input: ' in /usr/local/etc/httpd/cgi-bin/cgiwrap on line 1 Warning: Unexpected character in input: ' in /usr/local/etc/httpd/cgi-bin/cgiwrap on line 1 Warning: Unexpected character in input: ' in /usr/local/etc/httpd/cgi-bin/cgiwrap on line 1 Warning: Unexpected character in input: ' in /usr/local/etc/httpd/cgi-bin/cgiwrap on line 1 Warning: Unexpected character in input: ' in /usr/local/etc/httpd/cgi-bin/cgiwrap on line 1 Warning: Unexpected character in input: ' in /usr/local/etc/httpd/cgi-bin/cgiwrap on line 1 Parse error: parse error in /usr/local/etc/httpd/cgi-bin/cgiwrap on line 1 It looks like cgiwrap does not like: #!/usr/local/bin/php perhaps? Has anyone set this up or have any comments? Thanks! --Paul T. -- Douglas Adams: "There is a theory which states that if ever anybody discovers exactly what the Universe is for and why it is here, it will instantly disappear and be replaced by something even more bizarre and inexplicable. There is another theory which states that this has already happened." |
From: Lic. R. G. G. <ro...@eq...> - 2000-11-24 19:36:16
|
Hello, I'm trying to install CGIWrap in an Apache's VirtualHost, configuring it towork just in that virtual host (that's, creating a script aliased directory for that virtual host, with one user only). I compiled cgiwrap with --with-cgi-dir=cgi-bin I have this directory structure: /path/to/myuser <- $HOME for my user. /path/to/cgi-aliased/cgiwrap <- the cgiwrap program @ the script aliased for the virtual host /path/to/myuser/html <- where the virtual host's pages live /path/to/myuser/cgi-bin <- where I want the user's scripts to be Then I configured Apache with this: <VirtualHost www.somedomain.com> ServerName www.somedomain.com DocumentRoot /path/to/myuser/html AddHandler cgi-wrapper .cgi Action cgi-wrapper /cgi-bin/cgiwrap/~myuser ScriptAlias /cgi-bin/ /path/to/cgi-aliased/cgiwrap/ </VirtualHost> Then I put a perl cgi like this: /path/to/myuser/cgi-bin/myscript.cgi , chmod'ed to 755, chown'ed to myuser.myuser and accessed the site with these URLs: http://www.somedomain.com/cgi-bin/myscript.cgi http://www.somedomain.com/cgi-bin/cgiwrap/~myuser/myscript.cgi I guessed that with the handler configured in Apache, this would result in cgiwrap executing myscript.cgi , am I wrong?. However I get "Script File Not Found!", and: "Extra Path Info: /~myuser/cgi-bin/myscript.cgi" from cgiwrap, and also cgiwrapd is complaining about not been able to find the script. I guess there's something wrong with the UserDir in Apache or a mess with the path's?. But I can't figure out why this is not working. Could somebody give me a hint, please?. Thank you in advance, Rodolfo. P.S. The same happens if I place a public_html inside the $HOME for myuser, like this: $HOME/public_html/cgi-bin P.P.S. My full cgiwrap configuration follows in an attachment. |
From: pmaguire <pma...@nt...> - 2000-11-24 02:38:24
|
From: blinky <bl...@gm...> - 2000-11-17 16:47:41
|
Check if .htaccess files do there job if they are in another directory... if not, your apache-config is wrong. > I am having trouble having .htaccess work with cgiwrap. For example: I > have a .htaccess file in a directory in my cgi-bin (say /cgi-bin/admin). > The .htaccess file is for user authentication only (with htpasswd), but > when I try to execute the cgi in this cgi-bin directory, it bypasses the > .htaccess file and execs the script. > Any ideas? *ANY* reply would be greatly appreciated. > Thanks, > -Jim > CSI Online Services > Technical Support Staff > Voice: 732-914-0167 > FAX: 732-505-3232 > _______________________________________________ > cgiwrap-users mailing list > cgi...@li... > http://lists.sourceforge.net/mailman/listinfo/cgiwrap-users |
From: Support <su...@cs...> - 2000-11-17 16:28:23
|
I am having trouble having .htaccess work with cgiwrap. For example: I have a .htaccess file in a directory in my cgi-bin (say /cgi-bin/admin). The .htaccess file is for user authentication only (with htpasswd), but when I try to execute the cgi in this cgi-bin directory, it bypasses the .htaccess file and execs the script. Any ideas? *ANY* reply would be greatly appreciated. Thanks, -Jim CSI Online Services Technical Support Staff Voice: 732-914-0167 FAX: 732-505-3232 |
From: Neulinger, N. R. <nn...@um...> - 2000-11-10 20:57:32
|
Committed to CVS. > -----Original Message----- > From: Scott Sutherland [mailto:sc...@ma...] > Sent: Friday, November 10, 2000 2:17 PM > To: nn...@um... > Subject: Re: cgiwrap and auth files > > > >>>>> "Nathan" == Neulinger, Nathan R <nn...@um...> writes: > Nathan> You have to check it out of CVS at the > sourceforge project page > Nathan> for cgiwrap. www.sourceforge.net/projects/cgiwrap > > OK. Version 3.6.4 terminates strings read from the file at the first > nonprinting character, which solves the problem of the > unwanted newline > chars. > > However, it is still very easy to accidentally put trailing > spaces in the > file, so I changed my version to delete trailing whitespace > from lines. > I only delete whitespace from the end of the line. It would > probably make > sense (and make simpler) to just change your test to terminate the > line at the first nonprinting or whitespace character, but it seemed > presumptious to assume that usernames couldn't contain spaces > (they can't in > Unix, but...). > > I also added debug messages when it is checking the auth files. > > Here is my patch, which you may include or not, as you like. > Thanks for your quick responses. > > Scott Sutherland > > > *** util-orig.c Fri Nov 10 12:29:25 2000 > --- util.c Fri Nov 10 15:08:07 2000 > *************** > *** 241,244 **** > --- 241,245 ---- > if ( deny_exists ) > { > + DEBUG_Str("Checking deny file for",user->pw_name); > in_deny = UserInFile(CONF_DENYFILE, user->pw_name); > } > *************** > *** 247,250 **** > --- 248,252 ---- > if ( allow_exists ) > { > + DEBUG_Str("Checking allow file for",user->pw_name); > in_allow = UserInFile(CONF_ALLOWFILE, user->pw_name); > } > *************** > *** 760,764 **** > char *i; > #endif > ! int j; > > #if defined(CONF_CHECKHOST) > --- 762,766 ---- > char *i; > #endif > ! int j, intail; > > #if defined(CONF_CHECKHOST) > *************** > *** 785,789 **** > return 0; > } > ! for (j=0; j<=strlen(temp); j++) > { > if ( !isprint(temp[j]) ) > --- 787,792 ---- > return 0; > } > ! intail=1; > ! for (j=strlen(temp)-1; j>=0; j--) > { > if ( !isprint(temp[j]) ) > *************** > *** 791,794 **** > --- 794,811 ---- > temp[j] = 0; > } > + else > + { > + if (intail) > + { > + if (isspace(temp[j])) > + { > + temp[j] = 0; > + } > + else > + { > + intail = 0; > + } > + } > + } > } > > *************** > *** 796,799 **** > --- 813,817 ---- > { > fclose(file); > + DEBUG_Str("Found",user); > return 1; > } > |
From: <web...@du...> - 2000-11-10 04:56:06
|
This would open up some serious security holes. It would effectively make every executable file setuid. If that doesn't bother you, remember that cgiwrap can be called from the command line, too: $export PATH_INFO=/bin/sh $cgiwrap # The real exploit would be slightly more complex than that, but not much. You can restrict execution to /home and check for symlinks, but you can still run other user's scripts setuid. Basically, in order to make this secure, you'd need to lose flexibility in lots of other areas of cgiwrap. -mike > > Hi. > > I've already sent this mail to Piotr Klaban and he suggested me to send this > to the mailing-list... and here it is now :) > > feature-request: > ----- > I can't code C. If so I would do it on my own, but here is me suggestion: > > Whats about adding a feature so cgiwrap gets the UID it should degrate > itself to from the uid of the file it executes? So there is no more need for > 'username' in 'cgiwrap/username/filename.cgi'. Just 'cgiwrap/filename.cgi'. > > This is how i'm doing it at the moment: > > ScriptAlias /cgi-cgiwrap/ /usr/cgiwrap/ > > <virtualhost ...> > [..] > Action cgi-wrapper /cgi-cgiwrap/cgiwrap/username/www > AddHandler cgi-wrapper .cgi > [..] > </virtualhost> > > these two lines wouldn't be necessary if cgiwrap would get the uid it should > degrade itself to from the uid of the file-owner (and maybe the gid too). > ----- > > greetings, > > daniel > _______________________________________________ > cgiwrap-users mailing list > cgi...@li... > http://lists.sourceforge.net/mailman/listinfo/cgiwrap-users > -- Mike Glover web...@du... Duluoz Networks http://www.duluoz.net |
From: blinky <bl...@gm...> - 2000-11-09 07:53:21
|
Hi. I've already sent this mail to Piotr Klaban and he suggested me to send this to the mailing-list... and here it is now :) feature-request: ----- I can't code C. If so I would do it on my own, but here is me suggestion: Whats about adding a feature so cgiwrap gets the UID it should degrate itself to from the uid of the file it executes? So there is no more need for 'username' in 'cgiwrap/username/filename.cgi'. Just 'cgiwrap/filename.cgi'. This is how i'm doing it at the moment: ScriptAlias /cgi-cgiwrap/ /usr/cgiwrap/ <virtualhost ...> [..] Action cgi-wrapper /cgi-cgiwrap/cgiwrap/username/www AddHandler cgi-wrapper .cgi [..] </virtualhost> these two lines wouldn't be necessary if cgiwrap would get the uid it should degrade itself to from the uid of the file-owner (and maybe the gid too). ----- greetings, daniel |
From: Piotr K. <ma...@ma...> - 2000-11-08 15:12:24
|
Hi, At the page http://w3.man.torun.pl/~makler/patches/cgiwrap/ you can find the current cgiwrap-php patch (for running cgiwrap with php scripts). There are no new features. One bug was fixed recently: - if someone patched cgiwrap with this patch, and does not use --with-php option, cgiwrap would not run properly. Best regards, -- Piotr Klaban |
From: Nathan N. <nn...@um...> - 2000-11-07 22:45:00
|
-- ------------------------------------------------------------ Nathan Neulinger EMail: nn...@um... University of Missouri - Rolla Phone: (573) 341-4841 CIS - Systems Programming Fax: (573) 341-4216 |
From: Eileen O. <ei...@or...> - 2000-11-07 14:18:20
|
Hi, I have installed cgiwrap on my debian 2.2 box. When I try to execute a .cgi file from a user/public_html/cgi-bin directory I get this error? Script userid and/or remote host not permitted! Any help would be appreciated? I use apache also... Eileen Orbell Software & Internet Applications Capitol College mailto:ei...@or... mailto:ei...@or... Don't Fear the Penguin. |
From: Kevin Y. <ke...@in...> - 2000-11-06 04:54:55
|
Ken, we use the following in Apache such that all CGIs with a suffix of "cgi" are executed using CGIWrap: AddHandler cgiwrapper .cgi Action cgiwrapper /cgi-bin/cgiwrap When used in conjunction with the mod_vhost_alias module of the latest Apache version, you can use this to do virtual CGI execution using CGIWrap. It's quite convenient. On Sun, 5 Nov 2000, Ralph Huntington wrote: > Here's how I do it. I know there are other ways. I don't run a common cgi > dir like you'r asking, but I do virtual hosts and they share one centrally > located copy of cgiwrap. > > I put this in each <VirtualHost> directive > > ScriptAlias /cgi-bin/ /apache/cgi-bin/cgiwrap/$username/ > > Substitute the actual username, of course, for $username. You tell cgiwrap > when you compile it where the user cgi-dir is located relative to doc root > > Scripts are called just like one normally would, e.g., > > <form action="/cgi-bin/somescript.cgi"> > > On Sun, 5 Nov 2000, Ken wrote: > > > I'm new to the list. I had a look through the archives but did not find > > what I am looking for: > > > > Can anyone please send info or direct me to some URL's that go into detail > > on usage of CGIwrap in a virtual server type environment. For example I > > would like to allow my virtual hosts to have their own CGI-BIN, but of > > course I want to protect the server. I would also like to have a global > > CGI-BIN with common scripts that all virtual hosts could make use of. Do I > > need to install a separate version of CGIwrap for each virtual host? > > > > Any useful info or links would be greatly appreciated. |
From: Ralph H. <rj...@mo...> - 2000-11-05 20:11:26
|
Hi Ken, Here's how I do it. I know there are other ways. I don't run a common cgi dir like you'r asking, but I do virtual hosts and they share one centrally located copy of cgiwrap. I put this in each <VirtualHost> directive ScriptAlias /cgi-bin/ /apache/cgi-bin/cgiwrap/$username/ Substitute the actual username, of course, for $username. You tell cgiwrap when you compile it where the user cgi-dir is located relative to doc root Scripts are called just like one normally would, e.g., <form action="/cgi-bin/somescript.cgi"> Hope this helps, Ralph On Sun, 5 Nov 2000, Ken wrote: > Hello: > > I'm new to the list. I had a look through the archives but did not find > what I am looking for: > > Can anyone please send info or direct me to some URL's that go into detail > on usage of CGIwrap in a virtual server type environment. For example I > would like to allow my virtual hosts to have their own CGI-BIN, but of > course I want to protect the server. I would also like to have a global > CGI-BIN with common scripts that all virtual hosts could make use of. Do I > need to install a separate version of CGIwrap for each virtual host? > > Any useful info or links would be greatly appreciated. > > Thank You. > _______________________________________________ > cgiwrap-users mailing list > cgi...@li... > http://lists.sourceforge.net/mailman/listinfo/cgiwrap-users > |
From: Ken <dol...@ho...> - 2000-11-05 18:14:36
|
Hello: I'm new to the list. I had a look through the archives but did not find what I am looking for: Can anyone please send info or direct me to some URL's that go into detail on usage of CGIwrap in a virtual server type environment. For example I would like to allow my virtual hosts to have their own CGI-BIN, but of course I want to protect the server. I would also like to have a global CGI-BIN with common scripts that all virtual hosts could make use of. Do I need to install a separate version of CGIwrap for each virtual host? Any useful info or links would be greatly appreciated. Thank You. |
From: Ralph H. <rj...@mo...> - 2000-11-04 04:35:08
|
Does anyone have any insight into the compatibility problems I am seeing between cgiwrap and autocart? Is it an autocart problem? Has anyone seen this? We get cgiwrap error where extra path info shows username twice, as in Extra Path Info: /world/world/autocart.pl Clearly it should have been /world/autocart.pl. Naturally, the script is not found with that path info. |
From: Ralph H. <rj...@mo...> - 2000-11-04 04:32:03
|
Wondering why there have been no messages from this list in aabout 3 weeks. Anyone there? Everything okay? -=r=- |
From: Neulinger, N. R. <nn...@um...> - 2000-10-16 13:16:07
|
It's not really something in either direction that I'd really want to put in the mainline source. But you should be able to modify your local copy to do that easily enough. -- Nathan > -----Original Message----- > From: nicholas cole [mailto:ni...@pr...] > Sent: Sunday, October 15, 2000 10:59 PM > To: Nathan Neulinger > Subject: Re: cgiwrap and php? > > > on Thu, 28 Sep 2000, at 7:49am -0500 Nathan Neulinger wrote: > > > nicholas cole wrote: > > > > > > I've been on cgiwrap's mailing list looking around, and > > > since i'm just f'n confused about this, i thought i'd ask > > > you this as a start.. > > > > > > can php work with cgiwrap without putting a #! in the > > > script? > > > > > > personaly i don't have any problem putting a #! in my php > > > scripts, but i have customers that come in with php apps > > > that have shitloads of individual php scripts, just way too > > > many to add a #! to.. > > > > > > -- > > > nicholas cole > > > > I vaguely remember someone having mentioned making that > work. It would > > be a relatively easy fix in any case - just add some code to cgiwrap > > before the exec to automatically exec a script using a particular > > command. Although, I would suggest something like: > > > > if ( regular-exec-fails with a file-not-found error or similar ) > > { > > check filename > > if ( filename ends with .php ) > > { > > exec same command using php as interpreter > > } > > elsif ( filename ends with .pl ) > > { > > exec with perl... > > } > > else > > { > > generate error message > > } > > } > > > > Unfortunately, that probably would not take into account > that scripts > > without a #! are automatically fed to /bin/sh. > > > > You could just do that check+exec before the regular exec, but then > > there would be no way for a user to run a script using #! > that ran with > > a different perl or different php unless they did some sort > of exec in > > the script itself. > > > > I suppose if you had to, you could have cgiwrap open and > read the first > > couple of bytes of the script and only apply the > extension/exec check if > > the script didn't have a #!. > > > > -- > > Nathan > > I do like your idea, except for one thing, file extentions.. > > Consider for some fucked up reason Bob named his php scripts > with the extension .asdf. Now to get that to work with > cgiwrap without using #!, I'd have to recompile cgiwrap to > recognize that extension. > > Now correct me if I'm wrong here, but cgiwrapd is the same > as cgiwrap, and just does something different based upon > what it's run as.. So how about having cgiwrap-php and > cgiwrap-perl? That way nothing has to be done to get a new > extension to work with cgiwrap and be called using the > correct interpreter, without using #!. > > So when I get a customer who has php, perl, whatever scripts > named *.asdf on a server with forced cgiwrap usage, all I > have to tell them to do is add a handler for it in a > .htaccess file! =) > > How does it sound? > > -- > nicholas cole > > |
From: Mark W. <cg...@wi...> - 2000-10-10 20:53:13
|
Hi, I am new to administrating cgiwrap, please be patient. I have a script that writes out files to certain users accounts and then does chmod and chown commands to set the write permissions. The program runs fine when executed from the command line as root but when called via a web server it dies trying to write out the first file. Our web server is Apache/1.3.12 running on FreeBSD 3.4 When I installed cgiwrap the 4 binary's were installed to:- /usr/local/www/cgi-bin/ so I copied them to the users cgi-bin, the users name is hinwick and the path is /usr/www/hinwick/cgi-bin so in /usr/www/hinwick/cgi-bin/ I have cgiwrap with it's permissions set as u=rws g=rx o=rx and the actual script called mkdocs.pl with permissions 755 and owner hinwick.admin (group admin since the users who will be allowed to run this script are all part of admin group). I run the script via a url on a protected (by apaches htaccess things) html page, the url being:- http://www.hinwick.co.uk/cgi-bin/cgiwrap/hinwick/mkdocs.pl Only this reports back No script dir Ofcourse the script runs as http://www.hinwick.co.uk/cgi-bin/mkdocs.pl but just doesn't write out the files as it doesn't have permission. But will cgiwrap allow my script to write out to 10 different users accounts a file, doing a chown <user>.admin <filename> and then a chmod u=rw,g=rw,o=r <filename>? M. -- He came from Econet - Oh no, I've run out of underpants :( Home:- ja...@wi... http://www.wizdom.org.uk Shadow:- web...@sh... http://www.shadow.org.uk Work:- ne...@hi... http://www.hinwick.demon.co.uk Web site Monitoring:- http://www.shadow.org.uk/SiteSight/ |
From: Theodore J. <th...@tr...> - 2000-10-10 16:37:26
|
Hello All, Can anyone help me understand what this error message might mean?: [Tue Oct 10 09:40:37 2000] [warn] [client <ip address>] handler "cgi-wrapper" not found for: /home/sites/site3/web/ cgi-dir/setup.cgi [Tue Oct 10 09:40:37 2000] [error] [client <ip address>] Premature end of script headers: /usr/cgiwrap/cgiwrap Thanks Much!, ~ Theo |
From: Frederic F. <fi...@we...> - 2000-10-02 12:37:01
|
Hi ...again, This is my first try with CGIWRAP, does someone could help me to = configure it ? I need some help about --with-allow-file or --without-allow-file = directives etc... I would like users could use CGI put not access to all filesystem = resources ... (something like a chroot ~/public_html) And perhaps if it's possible to decide what are executable files allowed = for each user (by example perl but not 'ls' or 'bash') Others stuff like limited perl module available for each user ... In brief, I would user can use their scripts, but I want to sleep well = ;-)) Thanks for your help ! PS : I use a Linux server and Apache 1.3.12 /* WEBSTORE STAFF Fr=E9d=E9ric FILLON =20 Little Guru / Web Master */ #****************************# http://www.webstore.fr Le site de la C=F4te d'Azur : http://www.cote.azur.fr=20 #****************************# |
From: Frederic F. <fi...@we...> - 2000-09-30 12:32:34
|
Hi Everybody, This is my first try with CGIWRAP, does someone could help me to = configure it ? I need some help about --with-allow-file or --without-allow-file = directives etc... I would like users could use CGI put not access to all filesystem = resources ... (something like a chroot ~/public_html) And perhaps if it's possible to decide what are executable files allowed = for each user (by example perl but not 'ls' or 'bash') Others stuff like limited perl module availabe for each user ... In bref, I would user can use their scripts, but I want to sleep well = ;-)) Thanks for your help ! PS : I use a Linux server and Apache 1.3.12 /*=20 Fr=E9d=E9ric FILLON =20 Little Guru / Web Master */ |
From: <web...@du...> - 2000-09-29 21:42:44
|
> > nicholas cole wrote: > > > > I've been on cgiwrap's mailing list looking around, and > > since i'm just f'n confused about this, i thought i'd ask > > you this as a start.. > > > > can php work with cgiwrap without putting a #! in the > > script? > > > > personaly i don't have any problem putting a #! in my php > > scripts, but i have customers that come in with php apps > > that have shitloads of individual php scripts, just way too > > many to add a #! to.. > > > > -- If you're using linux, check out binfmt_misc (docs in /usr/src/linux/Documentation/binfmt_misc). Basically, it lets you send all files with a certain "magic number" (in your case probably "<?php") or file extension through an interpreter of your choice. -mike -- Mike Glover web...@du... Duluoz Networks http://www.duluoz.net |