cgiwrap-users Mailing List for CGIWrap (Page 18)

Brought to you by: nneul

cgiwrap-users

You can subscribe to this list here.

2000	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug (21)	Sep (23)	Oct (4)	Nov (15)	Dec (25)
2001	Jan (5)	Feb (19)	Mar (19)	Apr (13)	May (12)	Jun (23)	Jul (6)	Aug (16)	Sep (6)	Oct (31)	Nov (23)	Dec (28)
2002	Jan (4)	Feb (9)	Mar (6)	Apr (23)	May (29)	Jun (16)	Jul (10)	Aug (41)	Sep (16)	Oct (8)	Nov (7)	Dec (7)
2003	Jan (13)	Feb (30)	Mar (6)	Apr (12)	May (23)	Jun (12)	Jul (11)	Aug (20)	Sep	Oct	Nov (10)	Dec (8)
2004	Jan (1)	Feb (11)	Mar (3)	Apr (10)	May (6)	Jun	Jul (3)	Aug (4)	Sep (3)	Oct (9)	Nov (2)	Dec
2005	Jan (7)	Feb	Mar (7)	Apr (1)	May (3)	Jun (2)	Jul (8)	Aug	Sep	Oct	Nov (2)	Dec (2)
2006	Jan (1)	Feb	Mar	Apr	May	Jun	Jul (2)	Aug (1)	Sep (2)	Oct (2)	Nov	Dec
2007	Jan	Feb	Mar	Apr (2)	May (12)	Jun (1)	Jul (1)	Aug	Sep (1)	Oct	Nov (14)	Dec
2008	Jan (5)	Feb (10)	Mar	Apr (12)	May (5)	Jun	Jul	Aug	Sep	Oct	Nov (6)	Dec
2009	Jan	Feb	Mar	Apr	May (2)	Jun	Jul	Aug	Sep (1)	Oct	Nov	Dec
2010	Jan	Feb	Mar (1)	Apr (4)	May	Jun	Jul	Aug	Sep	Oct (2)	Nov	Dec
2011	Jan	Feb	Mar	Apr	May (2)	Jun	Jul	Aug (5)	Sep	Oct	Nov	Dec
2013	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug (2)	Sep	Oct	Nov	Dec (4)

Flat | Threaded

<< < 1 .. 16 17 18 19 20 .. 32 > >> (Page 18 of 32)

[cgiwrap-users] [Fwd: cgiwrap suggestion/tip]

From: Nathan N. <nn...@um...> - 2002-06-18 00:12:23

-- 

------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

[cgiwrap-users] php-cgiwrap 404 errors

From: Jeff B. <soi...@sg...> - 2002-06-15 05:05:26

When running php files wrapped under php-cgiwrap a missing page results in a
500 Internal Server Error.  Is it possible to force this to be a 404 Not
Found error?

Thanks,

Jeff

RE: [cgiwrap-users] CGI::Carp w/CGIWrap

From: Neulinger, N. <nn...@um...> - 2002-06-13 19:39:39

./configure --help
...
  --without-redirect-stderr
          don't redirect stderr to stdout in scripts
...


-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216


> -----Original Message-----
> From: Kyle [mailto:ky...@cc...]=20
> Sent: Thursday, June 13, 2002 2:30 PM
> To: Neulinger, Nathan
> Subject: Re: [cgiwrap-users] CGI::Carp w/CGIWrap
>=20
>=20
> Nathan,
>=20
> I have a multi-user system, but every user has their own error and
> access logs.  I found cgiwrapd useful when setting up the system
> originally, but I'm afraid the other users don't have access to it.
>=20
> Can you tell me how to recompile cgiwrap and *not* redirect stderr?  I
> checked the docs and don't see a switch for this.  Thanks.
>=20
> -Kyle
>=20
> "Neulinger, Nathan" wrote:
> >=20
> > Depends on how you configure cgiwrap. Default install is to redirect
> > stderr to stdout to make it more useful for multi-user diagnosis of
> > problems with scripts where the users don't have access to the error
> > log. (This is VERY useful when combined with cgiwrapd, as=20
> you can see
> > the exact error and script output intermingled.)
> >=20
> > -- Nathan
> >=20
> > ------------------------------------------------------------
> > Nathan Neulinger                       EMail:  nn...@um...
> > University of Missouri - Rolla         Phone: (573) 341-4841
> > Computing Services                       Fax: (573) 341-4216
> >=20
> > > -----Original Message-----
> > > From: Kyle [mailto:ky...@cc...]
> > > Sent: Thursday, June 13, 2002 2:00 PM
> > > To: CGIWrap Users Group
> > > Subject: [cgiwrap-users] CGI::Carp w/CGIWrap
> > >
> > >
> > > Hello group.  To put nicely formatted error messages into=20
> my server's
> > > error logs, I'm using CGI::Carp.  Carp nicely formats=20
> warn() and die()
> > > with time & date stamps and directs errors to STDERR. =20
> Apache takes
> > > information from STDERR and puts it in the http.err log.  But with
> > > CGIWrap installed, Apache doesn't seem to be getting the error
> > > messages.  Is there anything I can do to make it work the=20
> way Carp is
> > > supposed to?
> > >
> > > Here's a snippet of my httpd.conf:
> > >    ScriptAlias /cgi-bin/ /utils/cgi-bin/
> > >    AddHandler cgi-wrapper .cgi .pl
> > >    Action cgi-wrapper /cgi-bin/cgiwrap/~wfp86007
> > >    ErrorLog /net/www/wfp86007/logs/http.err
> > >    CustomLog /net/www/wfp86007/logs/access.log combined
> > >
> > > More info about CGI::Carp can be found here:
> > > http://search.cpan.org/doc/LDS/CGI.pm-2.80/CGI/Carp.pm
> > >
> > > Thanks!
> > >
> > > -Kyle
> > >
> > > _______________________________________________________________
> > >
> > > Don't miss the 2002 Sprint PCS Application Developer's Conference
> > > August 25-28 in Las Vegas -
> > > http://devcon.sprintpcs.com/adp/index.cfm?> source=3Dosdntextlink
> > >
> > >
> > > _______________________________________________
> > > cgiwrap-users mailing list
> > > cgi...@li...
> > > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> > >
>=20

RE: [cgiwrap-users] CGI::Carp w/CGIWrap

From: Neulinger, N. <nn...@um...> - 2002-06-13 19:12:41

Depends on how you configure cgiwrap. Default install is to redirect
stderr to stdout to make it more useful for multi-user diagnosis of
problems with scripts where the users don't have access to the error
log. (This is VERY useful when combined with cgiwrapd, as you can see
the exact error and script output intermingled.)

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216


> -----Original Message-----
> From: Kyle [mailto:ky...@cc...]=20
> Sent: Thursday, June 13, 2002 2:00 PM
> To: CGIWrap Users Group
> Subject: [cgiwrap-users] CGI::Carp w/CGIWrap
>=20
>=20
> Hello group.  To put nicely formatted error messages into my server's
> error logs, I'm using CGI::Carp.  Carp nicely formats warn() and die()
> with time & date stamps and directs errors to STDERR.  Apache takes
> information from STDERR and puts it in the http.err log.  But with
> CGIWrap installed, Apache doesn't seem to be getting the error
> messages.  Is there anything I can do to make it work the way Carp is
> supposed to?
>=20
> Here's a snippet of my httpd.conf:
>    ScriptAlias /cgi-bin/ /utils/cgi-bin/
>    AddHandler cgi-wrapper .cgi .pl
>    Action cgi-wrapper /cgi-bin/cgiwrap/~wfp86007
>    ErrorLog /net/www/wfp86007/logs/http.err
>    CustomLog /net/www/wfp86007/logs/access.log combined
>=20
> More info about CGI::Carp can be found here:
> http://search.cpan.org/doc/LDS/CGI.pm-2.80/CGI/Carp.pm
>=20
> Thanks!
>=20
> -Kyle
>=20
> _______________________________________________________________
>=20
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -=20
> http://devcon.sprintpcs.com/adp/index.cfm?> source=3Dosdntextlink
>=20
>=20
> _______________________________________________
> cgiwrap-users mailing list
> cgi...@li...
> https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
>=20

[cgiwrap-users] CGI::Carp w/CGIWrap

From: Kyle <ky...@cc...> - 2002-06-13 19:00:05

Hello group.  To put nicely formatted error messages into my server's
error logs, I'm using CGI::Carp.  Carp nicely formats warn() and die()
with time & date stamps and directs errors to STDERR.  Apache takes
information from STDERR and puts it in the http.err log.  But with
CGIWrap installed, Apache doesn't seem to be getting the error
messages.  Is there anything I can do to make it work the way Carp is
supposed to?

Here's a snippet of my httpd.conf:
   ScriptAlias /cgi-bin/ /utils/cgi-bin/
   AddHandler cgi-wrapper .cgi .pl
   Action cgi-wrapper /cgi-bin/cgiwrap/~wfp86007
   ErrorLog /net/www/wfp86007/logs/http.err
   CustomLog /net/www/wfp86007/logs/access.log combined

More info about CGI::Carp can be found here:
http://search.cpan.org/doc/LDS/CGI.pm-2.80/CGI/Carp.pm

Thanks!

-Kyle

Re: [cgiwrap-users] Newbie question

From: David G. <dav...@ic...> - 2002-06-04 09:52:26

do you _really_ have to? you can always offload the root stuff to 
another setuid program, and have your cgi script call that program.

--
dave

Spiro Philopoulos wrote:
> I have to run a CGI script as root (I know this is not good security-wise but 
> unfortunately I have to) and I do this currently by setuiding the CGI binary 
> to root (chown root & chmod 4755) with Apache running as nobody. I was 
> wondering if using CGIwrap to run the CGI script as root is doable and if it 
> would improve, to whatever extent, the security. I ask this because suEXEC 
> (at least according to the documentation) doesn't 'like' running CGI scripts 
> as root at all. Any info would be greatly appreciated. Thanks.

[cgiwrap-users] Newbie question

From: Spiro P. <sph...@no...> - 2002-06-03 20:23:06

I have to run a CGI script as root (I know this is not good security-wise but 
unfortunately I have to) and I do this currently by setuiding the CGI binary 
to root (chown root & chmod 4755) with Apache running as nobody. I was 
wondering if using CGIwrap to run the CGI script as root is doable and if it 
would improve, to whatever extent, the security. I ask this because suEXEC 
(at least according to the documentation) doesn't 'like' running CGI scripts 
as root at all. Any info would be greatly appreciated. Thanks.

[cgiwrap-users] Is it possible to run scripts with argv's

From: <cg...@se...> - 2002-06-03 03:53:02

Hi,

Is it possible to run a script with arguments with cgiwrap
(eg http://url/cgi-bin/cgiwrap/user/script argv1 argv2 argv3)

And if so, how?

--

[cgiwrap-users] RE: cgiwrap

From: Nathan N. <nn...@um...> - 2002-05-31 21:14:49

You probably configured cgiwrap with something bogus for the cgi-dir
configuration option.

I suggest you contact a local system administrator. As far as the uid
error, read the docs, that is a configuration option, and the default is
that way intentionally, it is extremely dangerous to put cgi scripts in
for 'root' if you are not knowledgeable enough to write them securely. 

-- Nathan

On Fri, 2002-05-31 at 16:10, Captain Zod wrote:
> I got around my problems by creating subdirectories in where the cgiwrap 
> was thinking the cgi-bin should be. I tested this setup with a regular user 
> and that works. I tried to recreate this for user root. So I created 
> /root/public_html/cgi-bin, and I am getting an access control error! Do yo 
> know what this is about?
> 
> CGIWrap Error: Access Control
> 
> ---------------------------------------------------------------------------
> -----
> 
> CGIWrap access control mechanism denied execution of this script for the 
> following reason:
> 
> UID of script userid less than configured minimum
> 
> 
> thx,
> 
> zod
> 
> 
> 
> --On Friday, May 31, 2002 3:08 PM -0500 "Neulinger, Nathan" <nn...@um...> 
> wrote:
> 
> > In that case, you should probably run your script under cgiwrapd to get
> > diagnostic messages on how it is parsing the url/etc.
> >
> > -- Nathan
> >>> >
> >> > so, for the below example
> >> >
> >> > http://host/cgi-bin/cgiwrap/cgiuser/cpass.cgi
> >> >
> >> > If you are using some hack with mod_rewrite, I'd suggest
> >> asking on the
> >> > list, as I am not doing anything with that.
> >> >
> >> > -- Nathan
> >> >
> >> > ------------------------------------------------------------
> >> > Nathan Neulinger                       EMail:  nn...@um...
> >> > University of Missouri - Rolla         Phone: (573) 341-4841
> >> > Computing Services                       Fax: (573) 341-4216
> >> >
> >> >
> >> >> -----Original Message-----
> >> >> From: Captain Zod [mailto:zod...@xd...]
> >> >> Sent: Friday, May 31, 2002 2:56 PM
> >> >> To: Neulinger, Nathan
> >> >> Cc: zo...@xd...
> >> >> Subject: cgiwrap
> >> >>
> >> >>
> >> >> Hello,
> >> >> Sorry to bother you but I am having the common problem of
> >> >> "CGIWrap Error:
> >> >> User not found". I created:
> >> >>
> >> >> User: cgiuser
> >> >> Home: /usr/local/cgiuser
> >> >> Dirs: /usr/local/cgiuser/public_html/cig-bin
> >> >> Permissions:
> >> >> [root@mail1 local]# ls -ld cgiuser
> >> >> drwxrwxrwx    4 cgiuser  cgiuser      4096 May 31 11:44 cgiuser
> >> >> [root@mail1 local]# ls -lR cgiuser
> >> >> cgiuser:
> >> >> total 4
> >> >> drwxrwxrwx    3 cgiuser  root         4096 May 31 11:44 public_html
> >> >>
> >> >> cgiuser/public_html:
> >> >> total 4
> >> >> drwxrwxrwx    2 cgiuser  root         4096 May 31 10:26 cgi-bin
> >> >>
> >> >> cgiuser/public_html/cgi-bin:
> >> >> total 4
> >> >> -rwxrwxrwx    1 cgiuser  apache        843 May 30 13:31 cpass.cgi
> >> >>
> >> >> I am accessing my site via: //host/cgiwrap/cpass.cgi
> >> >>
> >> >> I am getting:
> >> >> CGIWrap was unable to find the user '' in the password file
> >> >> on this server.
> >> >>
> >> >> Check the URL and try again.
> >> >>
> >> >>
> >> >> Server Data:
> >> >>
> >> >> Server Administrator/Contact: root@localhost
> >> >> Server Name: mail1.corp.xdrive.com
> >> >> Server Port: 80
> >> >> Server Protocol: HTTP/1.1
> >> >>
> >> >> Request Data:
> >> >>
> >> >> User Agent/Browser: Mozilla/4.0 (compatible; MSIE 5.01;
> >> >> Windows NT 5.0)
> >> >> Request Method: GET
> >> >> Remote Address: 66.27.179.24
> >> >> Remote Port: 3476
> >> >> Query String: user=cgiuser&script=cpass.cgi
> >> >> Extra Path Info: /
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >>
> >> >> Is there any apache modification I need to make? I am running:
> >> >> Apache 1.3.20-16
> >> >> CGIWrapper 3.7.1
> >> >>
> >> >> thx,
> >> >>
> >> >> zod
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
> 
> 
-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

Re[2]: FW: [cgiwrap-users] a potential security problem

From: Daniel L. <da...@lo...> - 2002-05-29 05:51:06

Hi,

> CGIwrap will not normally ever _run_ a script as root. It switches to
> the owner of the script before executing it.

IIRC, cgiwrap has by default the "minimum UID" checking enabled.
cgiwrap will refuse to execute a script with root permissions - unless
you explicitly want this.

-daniel

RE: [cgiwrap-users] a potential security problem

From: Nathan N. <nn...@um...> - 2002-05-29 03:13:28

Your support questions are going far beyond what I am willing to support
for free. I'll be happy to do custom coding or code review on a
consulting basis. 

In either case, I would strongly suggest you contact a professional who
is familiar with unix and web server security to do do your development
as you are likely to only open gaping security holes.

-- Nathan

On Tue, 2002-05-28 at 22:04, Jiang, Hai Dong (Harry) wrote:
> I modify cgiwrap.c.
> Could you review it for me?
> 
> What I want to do is :
> From web , User can access database in our server as his/her real account on
> unix server.
> Cgiwrap can do it?
>  
> harry
> 
> 
> -----Original Message-----
> From: Nathan Neulinger [mailto:nn...@um...]
> Sent: 2002?5?29? 10:55
> To: Jiang, Hai Dong (Harry)
> Cc: cgi...@li...
> Subject: RE: [cgiwrap-users] a potential security problem
> 
> Sounds like you have some other security problem with your server.
> 
> What groups is 'harry' in, including extra groups listed in /etc/groups.
> What are the exact permissions on /home/notharry/. How exactly did you
> configure cgiwrap.
> 
> Additionally, I'm not even sure what you're intending with the syntax
> below, because that is not valid cgiwrap syntax, and should be
> generating an error message. You do not have a userid present in that
> URL.
> 
> Please provide full and complete details of how your environment is
> configured.
> 
> -- Nathan
> 
> On Tue, 2002-05-28 at 21:40, Jiang, Hai Dong (Harry) wrote:
> > Nathan:
> >     But I do not know why the example I raised  do damage to my unix
> server?
> > I write a program called rmallfiles.pl (set 755 and owner is harry , web
> > server owner)like that:
> > rm -rf  /home/notharry
> >
> > then I put it into /cgi-bin/.
> > I access from web and input user as root. Input
> > http://*.*.*.*:8080/cgi-bin/cgiwrap/rmallfiles.pl
> >
> > Then all my files reside in /home/notharry   lost.
> >
> > Why?
> >
> > harry
> >
> > -----Original Message-----
> > From: Nathan Neulinger [mailto:nn...@um...]
> > Sent: 2002?5?29? 10:31
> > To: Jiang, Hai Dong (Harry)
> > Cc: cgi...@li...
> > Subject: RE: [cgiwrap-users] a potential security problem
> >
> > On Tue, 2002-05-28 at 21:26, Jiang, Hai Dong (Harry) wrote:
> > > Nathan:
> > >    Thank you very much for your prompt response!
> > >
> > > I notice a line in cgiwrap.c:
> > >
> > > ChangeID(user);
> > >
> > > So I think the cgiwrap should be owned by root , is it right?
> > > That is , cgiwrap should by setuid by root (4755 mod and owner is root)
> ?
> > >
> > > For example, the web server owner is harry.
> > > 1.  he setup a web user in conf/.htpasswd called root.
> > > 2. And he put malicious program on cgi-bin/ call rmallfiles.pl
> > > 3. he access web as root
> > > 4. URL is http://*.*.*.*:8080/cgiwrap/cgi-bin/rmallfiles.pl
> > >
> > > It is exemple for potential security.
> >
> > users in .htpasswd have nothing to do with unix userids that processes
> > run under.
> >
> > > harry
> > >
> > > -----Original Message-----
> > > From: Nathan Neulinger [mailto:nn...@um...]
> > > Sent: 2002?5?29? 9:50
> > > To: Jiang, Hai Dong (Harry)
> > > Cc: cgi...@li...
> > > Subject: Re: [cgiwrap-users] a potential security problem
> > >
> > > Unless you configured cgiwrap to allow executing scripts as root, this
> > > is not the case.
> > >
> > > Even still - it doesn't do you any good, since you'd still have to have
> > > root or specific-user permissions to install scripts into the users cgi
> > > directories.
> > >
> > > Please be more specific if this doesn't answer your question.
> > >
> > > -- Nathan
> > >
> > > On Tue, 2002-05-28 at 20:44, Jiang, Hai Dong (Harry) wrote:
> > > > All,
> > > >       I wonder if cgiwrap have security problem??
> > > > If web server owner's password is  known by malicious guys, he can
> setup
> > a
> > > > user call root and put some malicous program on web server , then he
> can
> > > > access and execute these program as root from web .  because cgiwrap
> > does
> > > > not check the unix password for web user .
> > > > Is it a potential security problem?
> > > >
> > > > harry
> > > >
> > > >
> > > > _______________________________________________________________
> > > >
> > > > Don't miss the 2002 Sprint PCS Application Developer's Conference
> > > > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> > > >
> > > > _______________________________________________
> > > > cgiwrap-users mailing list
> > > > cgi...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> > > --
> > >
> > >
> > > ------------------------------------------------------------
> > > Nathan Neulinger                       EMail:  nn...@um...
> > > University of Missouri - Rolla         Phone: (573) 341-4841
> > > Computing Services                       Fax: (573) 341-4216
> > --
> >
> >
> > ------------------------------------------------------------
> > Nathan Neulinger                       EMail:  nn...@um...
> > University of Missouri - Rolla         Phone: (573) 341-4841
> > Computing Services                       Fax: (573) 341-4216
> --
> 
> 
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nn...@um...
> University of Missouri - Rolla         Phone: (573) 341-4841
> Computing Services                       Fax: (573) 341-4216
> 
-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

Re: FW: [cgiwrap-users] a potential security problem

From: Nathan N. <nn...@um...> - 2002-05-29 03:02:35

CGIWrap has NOTHING to do with password checking!

And like I said before - the userid that cgiwrap executes script under
has absolutely nothing to do with userids in htpasswd files. That is
PURELY an issue of remote access control for what remote web clients are
allowed to request that the server execute a particular cgi script. The
_ONLY_ thing that .htpasswd/.htaccess do is determine whether or not a
cgi script is executed, and what the value of the REMOTE_USER
environment variable will be. It has nothing to do with what uid the
script runs as. 

CGIwrap will not normally ever _run_ a script as root. It switches to
the owner of the script before executing it.

I highly recommend that you contact your local system
administrator/expert to explain setuid executables, apache
configuration, and how cgi scripts function.

-- Nathan

On Tue, 2002-05-28 at 21:56, Jiang, Hai Dong (Harry) wrote:
> Nathan:
>     And we suppose web server owner is a bad buy!
> When he access web as root , cgiwrap will switch it to real root on unix
> server side.
> Then he can do anything root can do on server,right?
> Till now, cgiwrap will not check the root password on unix , it only check
> .htpasswd, right?
> 
> harry
> 
> 
> -----Original Message-----
> From: Jiang, Hai Dong (Harry) 
> Sent: 2002?5?29? 10:40
> To: 'Nathan Neulinger'
> Subject: RE: [cgiwrap-users] a potential security problem
> 
> Nathan:
>     But I do not know why the example I raised  do damage to my unix server?
> I write a program called rmallfiles.pl (set 755 and owner is harry , web
> server owner)like that:
> rm -rf  /home/notharry
> 
> then I put it into /cgi-bin/.
> I access from web and input user as root. Input
> http://*.*.*.*:8080/cgi-bin/cgiwrap/rmallfiles.pl
> 
> Then all my files reside in /home/notharry   lost.
> 
> Why?
> 
> harry
> 
> -----Original Message-----
> From: Nathan Neulinger [mailto:nn...@um...]
> Sent: 2002?5?29? 10:31
> To: Jiang, Hai Dong (Harry)
> Cc: cgi...@li...
> Subject: RE: [cgiwrap-users] a potential security problem
> 
> On Tue, 2002-05-28 at 21:26, Jiang, Hai Dong (Harry) wrote:
> > Nathan:
> >    Thank you very much for your prompt response!
> >
> > I notice a line in cgiwrap.c:
> >
> > ChangeID(user);
> >
> > So I think the cgiwrap should be owned by root , is it right?
> > That is , cgiwrap should by setuid by root (4755 mod and owner is root) ?
> >
> > For example, the web server owner is harry.
> > 1.  he setup a web user in conf/.htpasswd called root.
> > 2. And he put malicious program on cgi-bin/ call rmallfiles.pl
> > 3. he access web as root
> > 4. URL is http://*.*.*.*:8080/cgiwrap/cgi-bin/rmallfiles.pl
> >
> > It is exemple for potential security.
> 
> users in .htpasswd have nothing to do with unix userids that processes
> run under.
> 
> > harry
> >
> > -----Original Message-----
> > From: Nathan Neulinger [mailto:nn...@um...]
> > Sent: 2002?5?29? 9:50
> > To: Jiang, Hai Dong (Harry)
> > Cc: cgi...@li...
> > Subject: Re: [cgiwrap-users] a potential security problem
> >
> > Unless you configured cgiwrap to allow executing scripts as root, this
> > is not the case.
> >
> > Even still - it doesn't do you any good, since you'd still have to have
> > root or specific-user permissions to install scripts into the users cgi
> > directories.
> >
> > Please be more specific if this doesn't answer your question.
> >
> > -- Nathan
> >
> > On Tue, 2002-05-28 at 20:44, Jiang, Hai Dong (Harry) wrote:
> > > All,
> > >       I wonder if cgiwrap have security problem??
> > > If web server owner's password is  known by malicious guys, he can setup
> a
> > > user call root and put some malicous program on web server , then he can
> > > access and execute these program as root from web .  because cgiwrap
> does
> > > not check the unix password for web user .
> > > Is it a potential security problem?
> > >
> > > harry
> > >
> > >
> > > _______________________________________________________________
> > >
> > > Don't miss the 2002 Sprint PCS Application Developer's Conference
> > > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> > >
> > > _______________________________________________
> > > cgiwrap-users mailing list
> > > cgi...@li...
> > > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> > --
> >
> >
> > ------------------------------------------------------------
> > Nathan Neulinger                       EMail:  nn...@um...
> > University of Missouri - Rolla         Phone: (573) 341-4841
> > Computing Services                       Fax: (573) 341-4216
> --
> 
> 
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nn...@um...
> University of Missouri - Rolla         Phone: (573) 341-4841
> Computing Services                       Fax: (573) 341-4216
-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

RE: [cgiwrap-users] a potential security problem

From: Nathan N. <nn...@um...> - 2002-05-29 02:55:10

Sounds like you have some other security problem with your server. 

What groups is 'harry' in, including extra groups listed in /etc/groups.
What are the exact permissions on /home/notharry/. How exactly did you
configure cgiwrap. 

Additionally, I'm not even sure what you're intending with the syntax
below, because that is not valid cgiwrap syntax, and should be
generating an error message. You do not have a userid present in that
URL. 

Please provide full and complete details of how your environment is
configured. 

-- Nathan

On Tue, 2002-05-28 at 21:40, Jiang, Hai Dong (Harry) wrote:
> Nathan:
>     But I do not know why the example I raised  do damage to my unix server?
> I write a program called rmallfiles.pl (set 755 and owner is harry , web
> server owner)like that:
> rm -rf  /home/notharry
> 
> then I put it into /cgi-bin/.
> I access from web and input user as root. Input
> http://*.*.*.*:8080/cgi-bin/cgiwrap/rmallfiles.pl
> 
> Then all my files reside in /home/notharry   lost.
> 
> Why?
> 
> harry
> 
> -----Original Message-----
> From: Nathan Neulinger [mailto:nn...@um...]
> Sent: 2002?5?29? 10:31
> To: Jiang, Hai Dong (Harry)
> Cc: cgi...@li...
> Subject: RE: [cgiwrap-users] a potential security problem
> 
> On Tue, 2002-05-28 at 21:26, Jiang, Hai Dong (Harry) wrote:
> > Nathan:
> >    Thank you very much for your prompt response!
> >
> > I notice a line in cgiwrap.c:
> >
> > ChangeID(user);
> >
> > So I think the cgiwrap should be owned by root , is it right?
> > That is , cgiwrap should by setuid by root (4755 mod and owner is root) ?
> >
> > For example, the web server owner is harry.
> > 1.  he setup a web user in conf/.htpasswd called root.
> > 2. And he put malicious program on cgi-bin/ call rmallfiles.pl
> > 3. he access web as root
> > 4. URL is http://*.*.*.*:8080/cgiwrap/cgi-bin/rmallfiles.pl
> >
> > It is exemple for potential security.
> 
> users in .htpasswd have nothing to do with unix userids that processes
> run under.
> 
> > harry
> >
> > -----Original Message-----
> > From: Nathan Neulinger [mailto:nn...@um...]
> > Sent: 2002?5?29? 9:50
> > To: Jiang, Hai Dong (Harry)
> > Cc: cgi...@li...
> > Subject: Re: [cgiwrap-users] a potential security problem
> >
> > Unless you configured cgiwrap to allow executing scripts as root, this
> > is not the case.
> >
> > Even still - it doesn't do you any good, since you'd still have to have
> > root or specific-user permissions to install scripts into the users cgi
> > directories.
> >
> > Please be more specific if this doesn't answer your question.
> >
> > -- Nathan
> >
> > On Tue, 2002-05-28 at 20:44, Jiang, Hai Dong (Harry) wrote:
> > > All,
> > >       I wonder if cgiwrap have security problem??
> > > If web server owner's password is  known by malicious guys, he can setup
> a
> > > user call root and put some malicous program on web server , then he can
> > > access and execute these program as root from web .  because cgiwrap
> does
> > > not check the unix password for web user .
> > > Is it a potential security problem?
> > >
> > > harry
> > >
> > >
> > > _______________________________________________________________
> > >
> > > Don't miss the 2002 Sprint PCS Application Developer's Conference
> > > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> > >
> > > _______________________________________________
> > > cgiwrap-users mailing list
> > > cgi...@li...
> > > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> > --
> >
> >
> > ------------------------------------------------------------
> > Nathan Neulinger                       EMail:  nn...@um...
> > University of Missouri - Rolla         Phone: (573) 341-4841
> > Computing Services                       Fax: (573) 341-4216
> --
> 
> 
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nn...@um...
> University of Missouri - Rolla         Phone: (573) 341-4841
> Computing Services                       Fax: (573) 341-4216
-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

RE: [cgiwrap-users] a potential security problem

From: Nathan N. <nn...@um...> - 2002-05-29 02:30:59

On Tue, 2002-05-28 at 21:26, Jiang, Hai Dong (Harry) wrote:
> Nathan:
>    Thank you very much for your prompt response!
> 
> I notice a line in cgiwrap.c:
> 
> ChangeID(user);
> 
> So I think the cgiwrap should be owned by root , is it right?
> That is , cgiwrap should by setuid by root (4755 mod and owner is root) ?
> 
> For example, the web server owner is harry.
> 1.  he setup a web user in conf/.htpasswd called root.
> 2. And he put malicious program on cgi-bin/ call rmallfiles.pl
> 3. he access web as root 
> 4. URL is http://*.*.*.*:8080/cgiwrap/cgi-bin/rmallfiles.pl
> 
> It is exemple for potential security.

users in .htpasswd have nothing to do with unix userids that processes
run under. 

> harry
> 
> -----Original Message-----
> From: Nathan Neulinger [mailto:nn...@um...]
> Sent: 2002?5?29? 9:50
> To: Jiang, Hai Dong (Harry)
> Cc: cgi...@li...
> Subject: Re: [cgiwrap-users] a potential security problem
> 
> Unless you configured cgiwrap to allow executing scripts as root, this
> is not the case.
> 
> Even still - it doesn't do you any good, since you'd still have to have
> root or specific-user permissions to install scripts into the users cgi
> directories.
> 
> Please be more specific if this doesn't answer your question.
> 
> -- Nathan
> 
> On Tue, 2002-05-28 at 20:44, Jiang, Hai Dong (Harry) wrote:
> > All,
> >       I wonder if cgiwrap have security problem??
> > If web server owner's password is  known by malicious guys, he can setup a
> > user call root and put some malicous program on web server , then he can
> > access and execute these program as root from web .  because cgiwrap does
> > not check the unix password for web user .
> > Is it a potential security problem?
> >
> > harry
> >
> >
> > _______________________________________________________________
> >
> > Don't miss the 2002 Sprint PCS Application Developer's Conference
> > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> >
> > _______________________________________________
> > cgiwrap-users mailing list
> > cgi...@li...
> > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> --
> 
> 
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nn...@um...
> University of Missouri - Rolla         Phone: (573) 341-4841
> Computing Services                       Fax: (573) 341-4216
-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

RE: [cgiwrap-users] a potential security problem

From: Nathan N. <nn...@um...> - 2002-05-29 02:30:59

On Tue, 2002-05-28 at 21:26, Jiang, Hai Dong (Harry) wrote:
> Nathan:
>    Thank you very much for your prompt response!
> 
> I notice a line in cgiwrap.c:
> 
> ChangeID(user);
> 
> So I think the cgiwrap should be owned by root , is it right?
> That is , cgiwrap should by setuid by root (4755 mod and owner is root) ?
> 
> For example, the web server owner is harry.
> 1.  he setup a web user in conf/.htpasswd called root.
> 2. And he put malicious program on cgi-bin/ call rmallfiles.pl
> 3. he access web as root 
> 4. URL is http://*.*.*.*:8080/cgiwrap/cgi-bin/rmallfiles.pl
> 
> It is exemple for potential security.

users in .htpasswd have nothing to do with unix userids that processes
run under. 

> harry
> 
> -----Original Message-----
> From: Nathan Neulinger [mailto:nn...@um...]
> Sent: 2002?5?29? 9:50
> To: Jiang, Hai Dong (Harry)
> Cc: cgi...@li...
> Subject: Re: [cgiwrap-users] a potential security problem
> 
> Unless you configured cgiwrap to allow executing scripts as root, this
> is not the case.
> 
> Even still - it doesn't do you any good, since you'd still have to have
> root or specific-user permissions to install scripts into the users cgi
> directories.
> 
> Please be more specific if this doesn't answer your question.
> 
> -- Nathan
> 
> On Tue, 2002-05-28 at 20:44, Jiang, Hai Dong (Harry) wrote:
> > All,
> >       I wonder if cgiwrap have security problem??
> > If web server owner's password is  known by malicious guys, he can setup a
> > user call root and put some malicous program on web server , then he can
> > access and execute these program as root from web .  because cgiwrap does
> > not check the unix password for web user .
> > Is it a potential security problem?
> >
> > harry
> >
> >
> > _______________________________________________________________
> >
> > Don't miss the 2002 Sprint PCS Application Developer's Conference
> > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> >
> > _______________________________________________
> > cgiwrap-users mailing list
> > cgi...@li...
> > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> --
> 
> 
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nn...@um...
> University of Missouri - Rolla         Phone: (573) 341-4841
> Computing Services                       Fax: (573) 341-4216
-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

Re: [cgiwrap-users] a potential security problem

From: Nathan N. <nn...@um...> - 2002-05-29 01:50:04

Unless you configured cgiwrap to allow executing scripts as root, this
is not the case.

Even still - it doesn't do you any good, since you'd still have to have
root or specific-user permissions to install scripts into the users cgi
directories.

Please be more specific if this doesn't answer your question.

-- Nathan

On Tue, 2002-05-28 at 20:44, Jiang, Hai Dong (Harry) wrote:
> All,
>       I wonder if cgiwrap have security problem??
> If web server owner's password is  known by malicious guys, he can setup a
> user call root and put some malicous program on web server , then he can
> access and execute these program as root from web .  because cgiwrap does
> not check the unix password for web user .
> Is it a potential security problem?
> 
> harry
> 
> 
> _______________________________________________________________
> 
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> 
> _______________________________________________
> cgiwrap-users mailing list
> cgi...@li...
> https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

[cgiwrap-users] a potential security problem

From: Jiang, H. D. (Harry) <hd...@lu...> - 2002-05-29 01:44:36

All,
      I wonder if cgiwrap have security problem??
If web server owner's password is  known by malicious guys, he can setup a
user call root and put some malicous program on web server , then he can
access and execute these program as root from web .  because cgiwrap does
not check the unix password for web user .
Is it a potential security problem?

harry

[cgiwrap-users] Re: cross-site scripting?

From: Nathan N. <nn...@um...> - 2002-05-27 14:53:45

Yes, version 3.7 is not vulnerable. All of the cases where cgiwrap will
output user content in html mode were encoded starting with version 3.7.
Since debug mode outputs in text/plain, there is not supposed to be any
"scripting" danger, since the content should not be interpreted in any
way. The only reason it's a problem with your browser is that MS has
chosen to ignore all standards of http client behavior, and ignore the
content-type returned with the document. 

I do not intend to change this to compensate for shitty browsers that
don't obey content types, since I consider it a feature that the content
is output exactly as received - that is a debugging feature. If I go
changing the content before it is output, then it is no longer
meaningful for debugging.

If you're concerned about this, should probably put access controls on
remote execution of scripts via cgiwrapd. Or don't allow cgiwrapd to be
run in your production environment.

-- Nathan

On Mon, 2002-05-27 at 05:07, K-IM wrote:
> 
> On Friday, May 24, 2002 9:45 PM, Nathan Neulinger wrote:
> 
> > There was a vulnerability... I suggest you get a more recent version.
> >
> 
> Thank you for your help,suggestion!
> 
> But I confused.
> 
> With debuging-mode,CGIwrap(ver3.7) realy is NOT vulnerable?
> 
> Please see this EXPLOIT code,
> 
> 1:normal-mode
> http://wmguy.pair.com/cgi-sys/cgiwrap/wmguy/x.cgi?<script>alert()</script>
> 
> #It is NOT vulnerable.
> (<DD><B>Query String</B>: &lt;script&gt;alert()&lt;/script&gt;)
> 
> 2:debug-mode
> http://wmguy.pair.com/cgi-sys/cgiwrapd/wmguy/x.cgi?<script>alert()</script>
> 
> #it seemes me, that vulnerable!
> (use windows InternetExplorer)
> 
> Is there still a vulnerability? or NOT?
> 
> Thank you.
> 
> ----- Original Message -----
> From: "Nathan Neulinger" <nn...@um...>
> To: "K-IM" <k-...@si...>
> Sent: Friday, May 24, 2002 9:45 PM
> Subject: Re: cross-site scripting?
> 
> 
> > There was a vulnerability... I suggest you get a more recent version.
> >
> > On Fri, 2002-05-24 at 04:18, K-IM wrote:
> > > hello!
> > >
> > > MY name is Katsumi Imaizumi.
> > > I lives in Japan.
> > >
> > > I have read
> > > 'CGIWrap - Frequently Asked Questions'
> > > http://cgiwrap.unixtools.org/faq.html
> > >
> > > Some quiestions.
> > >
> > > CGIwrap supports a debugging mode which can help to debug scripts.
> > > Is there vulunerability (cross-site scripting)?
> > >
> > > sample URL
> > >
> > >
> http://www.silverhotel.co.jp/cgiwrapDir/cgiwrapd/<script>alert()</script><st
> > >
> yle>body{background:url(javascript:document.body.innerHTML='<h1>HTML</h1>Hel
> > > lo%20World')}</style>--><!--
> > >
> > > or
> > >
> > >
> http://www.silverhotel.co.jp/cgiwrapDir/cgiwrapd/t.cgi?<style>body{backgroun
> > > d:url(javascript:document.body.innerHTML=document.domain)}</style>
> > >
> > > ------------------------------------------------------------
> > > Is there HTML version of cgiwrap'd' instead of text/plain ?
> > > ------------------------------------------------------------
> > >
> > > PLEASE help me!
> > >
> > > k-imaizumi.
> > >
> > >
> > >
> > --
> >
> >
> > ------------------------------------------------------------
> > Nathan Neulinger                       EMail:  nn...@um...
> > University of Missouri - Rolla         Phone: (573) 341-4841
> > Computing Services                       Fax: (573) 341-4216
> >
> 
-- 


------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

RE: [cgiwrap-users] Installing for mass hosting.

From: jeff <je...@cy...> - 2002-05-24 20:38:49

I'm using the webhost www.pair.com and they have a similar setup
to yours and they use cgi-wrap...

/home/username/cgi-bin/
/home/username/domain1/
/home/username/domain2/

to get it to work what they tell you to do is create a cgi-bin in
each of the domain accounts:

/home/username/domain1/cgi-bin/
/home/username/domain2/cgi-bin/

then create a sym link to the domain cgi-bin in the main user
cgi-bin with the domain name:

ln -s /home/username/domain1/cgi-bin /home/username/cgi-bin/domain1
ln -s /home/username/domain2/cgi-bin /home/username/cgi-bin/domain2

of course the domain cgi-bin's need to be able to execute cgi's...

also, they put their cgiwrap stuff in the 'cgi-sys' directory for what
purpose i'm not sure but I've copied their methodology on my own
server so as to create a systemwide cgi bin that all users can
access so that the default server can have it's own cgi scripts that
are not accessible by the user accounts.  Maybe that's their reason too.

lastly you call the cgi scripts in the corresponding domain cgi-bins
via:

http://www.domain1.com/cgi-sys/cgiwrap/username/domain1/path-to-script-insid
e-domain1-cgi-bin/script.cgi
http://www.domain2.com/cgi-sys/cgiwrap/username/domain2/path-to-script-insid
e-domain2-cgi-bin/script.cgi

so if you had script 'envars.cgi' in /home/username/domain1/cgi-bin/vars/
then you'd call it via:

http://www.domain1.com/cgi-sys/cgiwrap/username/domain1/vars/envars.cgi

HTH,

Jeff



> -----Original Message-----
> From: cgi...@li...
> [mailto:cgi...@li...]On Behalf Of chad
> Sent: Friday, May 24, 2002 12:48 PM
> To: cgi...@li...
> Subject: [cgiwrap-users] Installing for mass hosting.
>
>
> Hi,
>
> I'm looking at setting up CGIwrap for our mass hosting.
> The odd part is that our directory structure is:
>
>  /home/_username_/_domain_name_/
> 			cgi-bin
> 			htdocs
>
> So each cgi-bin directory corresponds to a domain and
> not to a user.  We have several users with multiple domains
> and allow custom FTP root directories.  ie a customer can
> have one account, many domains and, different individuals
> responsible for different domains/directories.
>
> While I could just give each user a common cgi-bin directory
> and configure CGIwrap to use that directory I would really
> rather not go changing the existing setup too much.
>
> I think mod_cgiwrap requires the cgi files to be in the
> document root.  That also changes a lot of existing sites.
> Though maybe cgi could be kept the same and a new
> file extention could be associated with mod_cgiwrap.
>
> Any ideas or suggestions?
>
> Thanks in advance,
> Chad
>
>
>
>
> _______________________________________________________________
>
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
>
> _______________________________________________
> cgiwrap-users mailing list
> cgi...@li...
> https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
>

[cgiwrap-users] Installing for mass hosting.

From: chad <ch...@we...> - 2002-05-24 19:48:38

Hi,

I'm looking at setting up CGIwrap for our mass hosting.
The odd part is that our directory structure is:

 /home/_username_/_domain_name_/
			cgi-bin
			htdocs

So each cgi-bin directory corresponds to a domain and
not to a user.  We have several users with multiple domains
and allow custom FTP root directories.  ie a customer can
have one account, many domains and, different individuals
responsible for different domains/directories.

While I could just give each user a common cgi-bin directory
and configure CGIwrap to use that directory I would really
rather not go changing the existing setup too much.

I think mod_cgiwrap requires the cgi files to be in the
document root.  That also changes a lot of existing sites.
Though maybe cgi could be kept the same and a new
file extention could be associated with mod_cgiwrap.

Any ideas or suggestions?

Thanks in advance, 
Chad

RE: [cgiwrap-users] Problem starting applet from cgi script

From: Neulinger, N. <nn...@um...> - 2002-05-24 13:12:58

You probably are referencing the class wrong... From the =
scripts/browsers perspective "." =3D=3D ".../cgiwrap/netsaint/", not =
"~netsaint/public_html/cgi-bin".=20

Try making sure your class reference is absolute instead of relative. Or =
set a BASE HREF=3D"" on your output.=20

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216


> -----Original Message-----
> From: osc...@du... [mailto:osc...@du...]=20
> Sent: Friday, May 24, 2002 3:56 AM
> To: cgi...@li...
> Subject: [cgiwrap-users] Problem starting applet from cgi script
>=20
>=20
>=20
> Hi all,
>=20
> I have the following problem: A cgi script of mine that=20
> returns an HTML page
> containing an applet tag works when using it without cgiwrap,=20
> when using
> cgi-wrap it breaks. The browser complains about not being=20
> able to find the
> class.
>=20
> This is the working link:
>=20
> http://10.120.24.20/test/performance.cgi
>=20
> note that "test" is a softlink from document root to=20
> ~netsaint/public_html/cgi-bin
>=20
> This is the broken link:
> http://10.120.24.20/cgi-bin/cgiwrap/netsaint/performance.cgi
>=20
> The performance.cgi program is started, but the applet is not started.
> Anyone seen this before?
>=20
> regards,
> Oscar
> =20
>=20
>=20
>=20
>=20
>=20
>=20
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
> De verzonden informatie is uitsluitend bestemd voor de geadresseerde
> natuurlijke persoon of rechtspersoon en bevat mogelijk=20
> vertrouwelijke en/of
> geprivilegeerde gegevens. Met uitzondering van de=20
> geadresseerde persoon is
> het niet toegestaan de informatie openbaar te maken, te kopi=EBren, te
> verspreiden of anderszins actie te ondernemen op basis van de=20
> informatie.
> Indien u de informatie abusievelijk heeft ontvangen, neem dan=20
> contact op met
> de afzender en verwijder de informatie uit alle computers.=20
> Dutchtone staat
> niet in voor de juiste en complete verzending van de=20
> informatie, noch is zij
> aansprakelijk voor de vertraagde ontvangst hiervan.
>=20
> The information transmitted is intended exclusively for the=20
> person or entity
> to which it is addressed and may contain confidential and/or=20
> privileged
> material. Any disclosure, copying, distribution or other=20
> action  based upon
> the information by persons or entities other than the=20
> intended recipient is
> prohibited. If you receive this information in error, please=20
> contact the
> sender and delete the material from any and all computers.=20
> Dutchtone does
> not warrant a proper and complete transmission of this=20
> information, nor does
> it accept liability for any delays.
> =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
>=20
>=20
>=20
> _______________________________________________________________
>=20
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
>=20
> _______________________________________________
> cgiwrap-users mailing list
> cgi...@li...
> https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
>=20

[cgiwrap-users] Problem starting applet from cgi script

From: <osc...@du...> - 2002-05-24 08:56:07

Hi all,

I have the following problem: A cgi script of mine that returns an HTML =
page
containing an applet tag works when using it without cgiwrap, when =
using
cgi-wrap it breaks. The browser complains about not being able to find =
the
class.

This is the working link:

http://10.120.24.20/test/performance.cgi

note that "test" is a softlink from document root to=20
~netsaint/public_html/cgi-bin

This is the broken link:
http://10.120.24.20/cgi-bin/cgiwrap/netsaint/performance.cgi

The performance.cgi program is started, but the applet is not started.
Anyone seen this before?

regards,
Oscar
=20






=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
De verzonden informatie is uitsluitend bestemd voor de geadresseerde
natuurlijke persoon of rechtspersoon en bevat mogelijk vertrouwelijke =
en/of
geprivilegeerde gegevens. Met uitzondering van de geadresseerde persoon =
is
het niet toegestaan de informatie openbaar te maken, te kopi=EBren, te
verspreiden of anderszins actie te ondernemen op basis van de =
informatie.
Indien u de informatie abusievelijk heeft ontvangen, neem dan contact =
op met
de afzender en verwijder de informatie uit alle computers. Dutchtone =
staat
niet in voor de juiste en complete verzending van de informatie, noch =
is zij
aansprakelijk voor de vertraagde ontvangst hiervan.

The information transmitted is intended exclusively for the person or =
entity
to which it is addressed and may contain confidential and/or privileged
material. Any disclosure, copying, distribution or other action  based =
upon
the information by persons or entities other than the intended =
recipient is
prohibited. If you receive this information in error, please contact =
the
sender and delete the material from any and all computers. Dutchtone =
does
not warrant a proper and complete transmission of this information, nor =
does
it accept liability for any delays.
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

RE: [cgiwrap-users] cgiwrap and cvsweb.cgi

From: Neulinger, N. <nn...@um...> - 2002-05-17 20:26:45

No real need to, but since I needed to adjust the environment vars for
viewcvs, that's how I did it. You might be able to fix your problem with
cvsweb.cgi similarly.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216


> -----Original Message-----
> From: jeff [mailto:je...@cy...]=20
> Sent: Friday, May 17, 2002 3:08 PM
> To: Neulinger, Nathan; Jeff Bert
> Cc: cgi...@li...
> Subject: RE: [cgiwrap-users] cgiwrap and cvsweb.cgi
>=20
>=20
> Ah, so it's best to put the real cvs.cgi program outside
> of the web tree?
>=20
> Sorry for the questions... I've only ever been a user of cvs.
>=20
> Jeff
>=20
> > -----Original Message-----
> > From: cgi...@li...
> > [mailto:cgi...@li...]On Behalf Of
> > Neulinger, Nathan
> > Sent: Friday, May 17, 2002 12:53 PM
> > To: Jeff Bert
> > Cc: cgi...@li...
> > Subject: RE: [cgiwrap-users] cgiwrap and cvsweb.cgi
> >
> >
> > I put that as the cgi that gets installed - in the cgi-bin=20
> dir. It then
> > exec's the real viewcvs.
> >
> > -- Nathan
> >
> > ------------------------------------------------------------
> > Nathan Neulinger                       EMail:  nn...@um...
> > University of Missouri - Rolla         Phone: (573) 341-4841
> > Computing Services                       Fax: (573) 341-4216
> >
> >
> > > -----Original Message-----
> > > From: Jeff Bert [mailto:soi...@sg...]
> > > Sent: Friday, May 17, 2002 2:31 PM
> > > To: Neulinger, Nathan
> > > Cc: cgi...@li...
> > > Subject: RE: [cgiwrap-users] cgiwrap and cvsweb.cgi
> > >
> > >
> > > Nathan,
> > >
> > > where did you put that script portion?
> > >
> > > Jeff
> > >
> > > > -----Original Message-----
> > > > From: cgi...@li...
> > > > [mailto:cgi...@li...]On Behalf
> > > Of Nathan
> > > > Neulinger
> > > > Sent: Friday, May 17, 2002 5:43 AM
> > > > To: jeff
> > > > Cc: cgi...@li...
> > > > Subject: Re: [cgiwrap-users] cgiwrap and cvsweb.cgi
> > > >
> > > >
> > > > I'm pretty sure I had cvsweb working with cgiwrap without
> > > any trouble,
> > > > but have since switched to viewcvs, which I think works nicer.
> > > >
> > > > The one thing with it that I had to do was wrap it
> > > >
> > > > 	if ( $ENV{PATH_INFO} eq "" )
> > > > 	{
> > > > 	        $ENV{PATH_INFO} =3D "/";
> > > > 	        $ENV{SCRIPT_NAME} =3D
> > > > "/auth-cgi-bin/cgiwrap/viewcvs/viewcvs";
> > > > 	}
> > > >
> > > > 	exec "/umr/s/viewcvs/install/cgi/viewcvs.cgi";
> > > >
> > > >
> > > > On Fri, 2002-05-17 at 04:48, jeff wrote:
> > > > > I'm trying to install cvsweb.cgi on my webserver on a wrapped
> > > > users account.
> > > > > If I call the script non-wrapped it at least brings up
> > > the front page.
> > > > > However, if I call it wrapped then it seems to go into some
> > > > endless loop and
> > > > > never brings up the page.
> > > > >
> > > > > Is there an incompatibility with cgiwrap and cvsweb.cgi?
> > > > >
> > > > > Or do I have a setting wrong?
> > > > >
> > > > > Since it seems to load unwrapped I'm not sure what=20
> could be wrong.
> > > > >
> > > > > thanks,
> > > > >
> > > > > Jeff
> > > > >
> > > > >
> > > > >=20
> _______________________________________________________________
> > > > >
> > > > > Have big pipes? SourceForge.net is looking for download
> > > > mirrors. We supply
> > > > > the hardware. You get the recognition. Email Us:
> > > > ban...@so...
> > > > > _______________________________________________
> > > > > cgiwrap-users mailing list
> > > > > cgi...@li...
> > > > > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> > > > --
> > > >
> > > >
> > > > ------------------------------------------------------------
> > > > Nathan Neulinger                       EMail:  nn...@um...
> > > > University of Missouri - Rolla         Phone: (573) 341-4841
> > > > Computing Services                       Fax: (573) 341-4216
> > > >
> > > >
> > > > _______________________________________________________________
> > > >
> > > > Have big pipes? SourceForge.net is looking for download
> > > mirrors. We supply
> > > > the hardware. You get the recognition. Email Us:
> > > ban...@so...
> > > > _______________________________________________
> > > > cgiwrap-users mailing list
> > > > cgi...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> > > >
> > >
> > >
> >
> > _______________________________________________________________
> >
> > Hundreds of nodes, one monster rendering program.
> > Now that=12s a super model! Visit =
http://clustering.foundries.sf.net/
> > _______________________________________________
> > cgiwrap-users mailing list
> > cgi...@li...
> > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> >
>=20
>=20

RE: [cgiwrap-users] cgiwrap and cvsweb.cgi

From: jeff <je...@cy...> - 2002-05-17 20:05:16

Ah, so it's best to put the real cvs.cgi program outside
of the web tree?

Sorry for the questions... I've only ever been a user of cvs.

Jeff

> -----Original Message-----
> From: cgi...@li...
> [mailto:cgi...@li...]On Behalf Of
> Neulinger, Nathan
> Sent: Friday, May 17, 2002 12:53 PM
> To: Jeff Bert
> Cc: cgi...@li...
> Subject: RE: [cgiwrap-users] cgiwrap and cvsweb.cgi
>
>
> I put that as the cgi that gets installed - in the cgi-bin dir. It then
> exec's the real viewcvs.
>
> -- Nathan
>
> ------------------------------------------------------------
> Nathan Neulinger                       EMail:  nn...@um...
> University of Missouri - Rolla         Phone: (573) 341-4841
> Computing Services                       Fax: (573) 341-4216
>
>
> > -----Original Message-----
> > From: Jeff Bert [mailto:soi...@sg...]
> > Sent: Friday, May 17, 2002 2:31 PM
> > To: Neulinger, Nathan
> > Cc: cgi...@li...
> > Subject: RE: [cgiwrap-users] cgiwrap and cvsweb.cgi
> >
> >
> > Nathan,
> >
> > where did you put that script portion?
> >
> > Jeff
> >
> > > -----Original Message-----
> > > From: cgi...@li...
> > > [mailto:cgi...@li...]On Behalf
> > Of Nathan
> > > Neulinger
> > > Sent: Friday, May 17, 2002 5:43 AM
> > > To: jeff
> > > Cc: cgi...@li...
> > > Subject: Re: [cgiwrap-users] cgiwrap and cvsweb.cgi
> > >
> > >
> > > I'm pretty sure I had cvsweb working with cgiwrap without
> > any trouble,
> > > but have since switched to viewcvs, which I think works nicer.
> > >
> > > The one thing with it that I had to do was wrap it
> > >
> > > 	if ( $ENV{PATH_INFO} eq "" )
> > > 	{
> > > 	        $ENV{PATH_INFO} = "/";
> > > 	        $ENV{SCRIPT_NAME} =
> > > "/auth-cgi-bin/cgiwrap/viewcvs/viewcvs";
> > > 	}
> > >
> > > 	exec "/umr/s/viewcvs/install/cgi/viewcvs.cgi";
> > >
> > >
> > > On Fri, 2002-05-17 at 04:48, jeff wrote:
> > > > I'm trying to install cvsweb.cgi on my webserver on a wrapped
> > > users account.
> > > > If I call the script non-wrapped it at least brings up
> > the front page.
> > > > However, if I call it wrapped then it seems to go into some
> > > endless loop and
> > > > never brings up the page.
> > > >
> > > > Is there an incompatibility with cgiwrap and cvsweb.cgi?
> > > >
> > > > Or do I have a setting wrong?
> > > >
> > > > Since it seems to load unwrapped I'm not sure what could be wrong.
> > > >
> > > > thanks,
> > > >
> > > > Jeff
> > > >
> > > >
> > > > _______________________________________________________________
> > > >
> > > > Have big pipes? SourceForge.net is looking for download
> > > mirrors. We supply
> > > > the hardware. You get the recognition. Email Us:
> > > ban...@so...
> > > > _______________________________________________
> > > > cgiwrap-users mailing list
> > > > cgi...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> > > --
> > >
> > >
> > > ------------------------------------------------------------
> > > Nathan Neulinger                       EMail:  nn...@um...
> > > University of Missouri - Rolla         Phone: (573) 341-4841
> > > Computing Services                       Fax: (573) 341-4216
> > >
> > >
> > > _______________________________________________________________
> > >
> > > Have big pipes? SourceForge.net is looking for download
> > mirrors. We supply
> > > the hardware. You get the recognition. Email Us:
> > ban...@so...
> > > _______________________________________________
> > > cgiwrap-users mailing list
> > > cgi...@li...
> > > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> > >
> >
> >
>
> _______________________________________________________________
>
> Hundreds of nodes, one monster rendering program.
> Now thats a super model! Visit http://clustering.foundries.sf.net/
> _______________________________________________
> cgiwrap-users mailing list
> cgi...@li...
> https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
>

RE: [cgiwrap-users] cgiwrap and cvsweb.cgi

From: Neulinger, N. <nn...@um...> - 2002-05-17 19:53:12

I put that as the cgi that gets installed - in the cgi-bin dir. It then
exec's the real viewcvs.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nn...@um...
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216


> -----Original Message-----
> From: Jeff Bert [mailto:soi...@sg...]=20
> Sent: Friday, May 17, 2002 2:31 PM
> To: Neulinger, Nathan
> Cc: cgi...@li...
> Subject: RE: [cgiwrap-users] cgiwrap and cvsweb.cgi
>=20
>=20
> Nathan,
>=20
> where did you put that script portion?
>=20
> Jeff
>=20
> > -----Original Message-----
> > From: cgi...@li...
> > [mailto:cgi...@li...]On Behalf=20
> Of Nathan
> > Neulinger
> > Sent: Friday, May 17, 2002 5:43 AM
> > To: jeff
> > Cc: cgi...@li...
> > Subject: Re: [cgiwrap-users] cgiwrap and cvsweb.cgi
> >
> >
> > I'm pretty sure I had cvsweb working with cgiwrap without=20
> any trouble,
> > but have since switched to viewcvs, which I think works nicer.
> >
> > The one thing with it that I had to do was wrap it
> >
> > 	if ( $ENV{PATH_INFO} eq "" )
> > 	{
> > 	        $ENV{PATH_INFO} =3D "/";
> > 	        $ENV{SCRIPT_NAME} =3D
> > "/auth-cgi-bin/cgiwrap/viewcvs/viewcvs";
> > 	}
> >
> > 	exec "/umr/s/viewcvs/install/cgi/viewcvs.cgi";
> >
> >
> > On Fri, 2002-05-17 at 04:48, jeff wrote:
> > > I'm trying to install cvsweb.cgi on my webserver on a wrapped
> > users account.
> > > If I call the script non-wrapped it at least brings up=20
> the front page.
> > > However, if I call it wrapped then it seems to go into some
> > endless loop and
> > > never brings up the page.
> > >
> > > Is there an incompatibility with cgiwrap and cvsweb.cgi?
> > >
> > > Or do I have a setting wrong?
> > >
> > > Since it seems to load unwrapped I'm not sure what could be wrong.
> > >
> > > thanks,
> > >
> > > Jeff
> > >
> > >
> > > _______________________________________________________________
> > >
> > > Have big pipes? SourceForge.net is looking for download
> > mirrors. We supply
> > > the hardware. You get the recognition. Email Us:
> > ban...@so...
> > > _______________________________________________
> > > cgiwrap-users mailing list
> > > cgi...@li...
> > > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> > --
> >
> >
> > ------------------------------------------------------------
> > Nathan Neulinger                       EMail:  nn...@um...
> > University of Missouri - Rolla         Phone: (573) 341-4841
> > Computing Services                       Fax: (573) 341-4216
> >
> >
> > _______________________________________________________________
> >
> > Have big pipes? SourceForge.net is looking for download=20
> mirrors. We supply
> > the hardware. You get the recognition. Email Us:=20
> ban...@so...
> > _______________________________________________
> > cgiwrap-users mailing list
> > cgi...@li...
> > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
> >
>=20
>=20

2 messages has been excluded from this view by a project administrator.

Flat | Threaded

<< < 1 .. 16 17 18 19 20 .. 32 > >> (Page 18 of 32)