cgiwrap-users Mailing List for CGIWrap (Page 23)
Brought to you by:
nneul
Menu
▾
▴
cgiwrap-users
You can subscribe to this list here.
| 2000 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(21) |
Sep
(23) |
Oct
(4) |
Nov
(15) |
Dec
(25) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2001 |
Jan
(5) |
Feb
(19) |
Mar
(19) |
Apr
(13) |
May
(12) |
Jun
(23) |
Jul
(6) |
Aug
(16) |
Sep
(6) |
Oct
(31) |
Nov
(23) |
Dec
(28) |
| 2002 |
Jan
(4) |
Feb
(9) |
Mar
(6) |
Apr
(23) |
May
(29) |
Jun
(16) |
Jul
(10) |
Aug
(41) |
Sep
(16) |
Oct
(8) |
Nov
(7) |
Dec
(7) |
| 2003 |
Jan
(13) |
Feb
(30) |
Mar
(6) |
Apr
(12) |
May
(23) |
Jun
(12) |
Jul
(11) |
Aug
(20) |
Sep
|
Oct
|
Nov
(10) |
Dec
(8) |
| 2004 |
Jan
(1) |
Feb
(11) |
Mar
(3) |
Apr
(10) |
May
(6) |
Jun
|
Jul
(3) |
Aug
(4) |
Sep
(3) |
Oct
(9) |
Nov
(2) |
Dec
|
| 2005 |
Jan
(7) |
Feb
|
Mar
(7) |
Apr
(1) |
May
(3) |
Jun
(2) |
Jul
(8) |
Aug
|
Sep
|
Oct
|
Nov
(2) |
Dec
(2) |
| 2006 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
(1) |
Sep
(2) |
Oct
(2) |
Nov
|
Dec
|
| 2007 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
(12) |
Jun
(1) |
Jul
(1) |
Aug
|
Sep
(1) |
Oct
|
Nov
(14) |
Dec
|
| 2008 |
Jan
(5) |
Feb
(10) |
Mar
|
Apr
(12) |
May
(5) |
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(6) |
Dec
|
| 2009 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(2) |
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2010 |
Jan
|
Feb
|
Mar
(1) |
Apr
(4) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(2) |
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(2) |
Jun
|
Jul
|
Aug
(5) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2013 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(2) |
Sep
|
Oct
|
Nov
|
Dec
(4) |
|
From: Marten L. <le...@cn...> - 2001-11-14 17:48:57
|
Hello,
even a small perl script showing the uptime is hanging:
#!/usr/bin/perl
print "Content-type: text/plain\n\n";
system("uptime");
I started the script in debug-mode:
...
argv[0] = 'cgiwrapd'
Executing '/vrmd/http/web/test.pl'
Output of script follows:
=====================================================
<nothing follows, but connection stays open>
How can I configure cgiwrap to execute "uptime" or any other command?
Regards
Marten
|
|
From: Del G. M. <Mar...@Li...> - 2001-11-14 14:25:54
|
Hi Folks, Hope this question isn't too simplistic for y'all. I am trying to install CGIWRAP for the first time. I downloaded to tar.gz file and looked at its contents. In the installation instructions it states that I need to "copy the cgiwrap executable to my... cgi-bin directory". Which file is the executable? Doesn't CGIWRAP need a bunch of the files contained within the tar.gz file? If I copy the tar.gz file in its entirety to my server, where should I place it before untarring/unzipping? Sorry for my ignorance, but if anyone can help me get past the opening steps here I'd be eternally grateful. :) Marcus |
|
From: Marten L. <le...@va...> - 2001-11-14 00:49:58
|
Hello,
I got the following error
Warning: Unable to fork [/usr/X11R6/bin/convert > /dev/null] in test.php on line 26
doing an
$check = system("/usr/X11R6/bin/convert > /dev/null", $ret);
which worked with PHP as Apache Module perfectly. Is this a problem
with PHP als CGI or is this caused by cgiwrap? I didn't check so far
if e.g. a perl-script can fork a process.
Regards
Marten
|
|
From: Joe H. <on...@dc...> - 2001-11-08 19:16:55
|
On Thu, 8 Nov 2001, C Casey wrote: > Whenever we fill this form out: > > http://www.4burialinsurance.com/newtestform.html > > we get this message: > > CGIWrap Error: Script Execution Failed > CGIWrap encountered an error while attempting to execute this script: > > Error Message: Permission denied > Error Number: 13 > > The problem is that this script is exactly formatted like our other > scripts, but it doesn't work. The permissions and path are the same. > > Any ideas? Our administrator is recently out of the hospital. The 'Permission denied' line may not be regarding the script itself, but it might be generated from something that the script is called. For instance, with a perl script, if you have execute permissions on the file, but don't have perl binary, you're going to throw a similar error. ----- Joe Hourcle |
|
From: C C. <cc...@de...> - 2001-11-08 16:00:47
|
Whenever we fill this form out: http://www.4burialinsurance.com/newtestform.html we get this message: CGIWrap Error: Script Execution Failed CGIWrap encountered an error while attempting to execute this script: Error Message: Permission denied Error Number: 13 The problem is that this script is exactly formatted like our other scripts, but it doesn't work. The permissions and path are the same. Any ideas? Our administrator is recently out of the hospital. C Casey |
|
From: Neulinger, N. <nn...@um...> - 2001-10-31 21:32:42
|
You have to have the system administrator of the web server install it, it requires root permissions to be installed. -- Nathan ------------------------------------------------------------ Nathan Neulinger EMail: nn...@um... University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216 > -----Original Message----- > From: Ralph [mailto:ar...@st...] > Sent: Wednesday, October 31, 2001 3:24 PM > To: Nathan Neulinger > Subject: Re: CGIWRAP > > > HI, > To explain further, I have a website on powweb.com. It runs > perl and cgi scripts. I am trying to run 'perlshop', an > e-shoppping cgi script which calls for 'cgiwrap'. Ralph > |
|
From: Neulinger, N. <nn...@um...> - 2001-10-31 15:27:55
|
I've added this how-to to the FAQ in the cgiwrap package and homepage. It
will be in the next release (but that may be a while).
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nn...@um...
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
> -----Original Message-----
> From: Brian Allen [mailto:ba...@no...]
> Sent: Wednesday, October 31, 2001 9:21 AM
> To: Roberth Edberg
> Cc: cgi...@li...
> Subject: Re: [cgiwrap-users] Cgiwrap PHP
>
>
> Here is an informal how-to I wrote after I set up cgiwrap and php
> recently. Much thanks goes to Nathan Nuelinger for the
> pointing out the decisive step of compiling with
> --enable-discard-path.
>
> Download cgiwrap and set that up. I already had cgiwrap set
> up to wrap cgi scripts, but I did upgrade to the latest
> version. Get this working first with some simple cgi script
> tests. (BTW: Options you may find helpful include
> --with-cgi-dir and --with-httpd-user)
>
> Download the latest version of php and configure it as a cgi
> binary, not as a module. Basically, if you run ./configure
> with no options, php will
> be compiled as a cgi binary. (To set it up as an apache
> module, which you don't want to do if you want to wrap your
> scripts, you have to explicitly say ./configure --with-apache.)
>
> Before you compile php, however, and this is crucial,
> configure php with the option --enable-discard-path which
> allows you to move the php binary out of the web tree and
> into /usr/local/bin (which adds security), but more
> importantly it allows you to use php with cgiwrap properly.
>
> To summarize, you need to run ./configure
> --enable-discard-path plus any other options you may desire,
> and place the php binary in /usr/local/bin.
>
> Finally, you need the #!/usr/local/bin/php line at the very
> top of every php script you write. Then call the php script
> with cgiwrap exactly as you would call a cgi script. For example:
>
http://yourdomain.com/cgi-bin/cgiwrap/<username>/<phpscript>
Let me know if you have any questions.
Brian
On Wed, 31 Oct 2001, Roberth Edberg wrote:
> Hi,
>
> Is there any document who describes how to get cgiwrap working with
> php scripst on an apache server?
>
> \Rob
>
> _______________________________________________
> cgiwrap-users mailing list cgi...@li...
> https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
>
____________________________________________________________________________
___
Brian Allen
University of Maryland University College
Unix/Internet Systems Programmer
____________________________________________________________________________
___
_______________________________________________
cgiwrap-users mailing list
cgi...@li...
https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
|
|
From: Brian A. <ba...@no...> - 2001-10-31 15:20:49
|
Here is an informal how-to I wrote after I set up cgiwrap and php
recently. Much thanks goes to Nathan Nuelinger for the pointing out the
decisive step of compiling with --enable-discard-path.
Download cgiwrap and set that up. I already had cgiwrap set up to wrap
cgi scripts, but I did upgrade to the latest version. Get this working
first with some simple cgi script tests. (BTW: Options you may find
helpful include --with-cgi-dir and --with-httpd-user)
Download the latest version of php and configure it as a cgi binary, not
as a module. Basically, if you run ./configure with no options, php will
be compiled as a cgi binary. (To set it up as an apache module, which you
don't want to do if you want to wrap your scripts, you have to explicitly
say ./configure --with-apache.)
Before you compile php, however, and this is crucial, configure php with
the option --enable-discard-path which allows you to move the php binary
out of the web tree and into /usr/local/bin (which adds security), but
more importantly it allows you to use php with cgiwrap properly.
To summarize, you need to run ./configure --enable-discard-path plus any
other options you may desire, and place the php binary in /usr/local/bin.
Finally, you need the #!/usr/local/bin/php line at the very top of every
php script you write. Then call the php script with cgiwrap exactly as
you would call a cgi script. For example:
http://yourdomain.com/cgi-bin/cgiwrap/<username>/<phpscript>
Let me know if you have any questions.
Brian
On Wed, 31 Oct 2001, Roberth Edberg wrote:
> Hi,
>
> Is there any document who describes how to get cgiwrap working with php
> scripst on an apache server?
>
> \Rob
>
> _______________________________________________
> cgiwrap-users mailing list
> cgi...@li...
> https://lists.sourceforge.net/lists/listinfo/cgiwrap-users
>
_______________________________________________________________________________
Brian Allen
University of Maryland University College
Unix/Internet Systems Programmer
_______________________________________________________________________________
|
|
From: Piotr K. <ma...@ma...> - 2001-10-31 14:20:23
|
On Wed, Oct 31, 2001 at 01:26:18PM +0100, Roberth Edberg wrote: > Hi, > > Is there any document who describes how to get cgiwrap working with php > scripst on an apache server? You can try a patch from here: http://www.klaban.torun.pl/patches/cgiwrap/index.html Regards, -- Piotr Klaban |
|
From: Nathan N. <nn...@um...> - 2001-10-31 13:21:51
|
Roberth Edberg wrote: > > Hi, > > Is there any document who describes how to get cgiwrap working with php > scripst on an apache server? > > \Rob > > _______________________________________________ > cgiwrap-users mailing list > cgi...@li... > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users Try --enable-discard-path. -- Nathan ------------------------------------------------------------ Nathan Neulinger EMail: nn...@um... University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216 |
|
From: Roberth E. <rob...@re...> - 2001-10-31 12:26:26
|
Hi, Is there any document who describes how to get cgiwrap working with php scripst on an apache server? \Rob |
|
From: Neulinger, N. <nn...@um...> - 2001-10-30 15:22:12
|
I have just released cgiwrap-3.7.1 which adds a --with-minimum-gid option to cgiwrap that checks both primary gid and auxilliary gids. It is not enabled by default to keep behavior same as previous releases. I would tend to agree with the comments below though, not really a big issue, but simple enough to add the optional check. New tars should show up on the sourceforge project file list... http://sourceforge.net/project/showfiles.php?group_id=8209 -- Nathan > -----Original Message----- > From: Pavel Kankovsky [mailto:pe...@ar...] > Sent: Friday, October 26, 2001 6:33 AM > To: Stefanos Harhalakis > Cc: bu...@se... > Subject: Re: Apache suexec > > > On Wed, 24 Oct 2001, Stefanos Harhalakis wrote: > > > Suppose we have mingid==100 and a user with gid==0 which > belongs to groups > > 123,234,345. Suexec will no execute and script for this user. > > > > Now suppose we have the same user with gid==123 which > belongs to groups0 > > ,234,345. Suexec will execute any cgi without problem. The > running cgi will > > be a member of all those groups. > > suexec does not check supplementary groups. It could do it > but I do not > think it is a serious problem--the motivation behind the checks is to > avoid accidental invocation of CGI programs running under > root or other > special accounts. > > --Pavel Kankovsky aka Peak [ Boycott > Microsoft--http://www.vcnet.com/bms ] > "Resistance is futile. Open your source code and prepare for > assimilation." > |
|
From: Joe H. <on...@dc...> - 2001-10-29 14:31:55
|
On Mon, 29 Oct 2001, Roberth Edberg wrote: > Hi, > > I'm new to this list and I have problems to set up "cgiwrap" on a Apache > server. The user is named "roberth" and the website is using > Virtualhost. /cgi-bin is actually /home/roberth/cgi-bin. "cgiwrap" is > located in /usr/local/bin and httpd.conf has entry: > > ScriptAlias /cgi-bin/ /usr/local/bin/cgiwrap/roberth/ > > The error is below. Any ideas? > > Regards, > Roberth Edberg > > > CGIWrap Error: Script File Not Found! It can't find the file that you've just requested. Make sure that the file is in whatever directory you've defined for roberth. [You should get more details if you call cgiwrapd], and that you haven't typo'd on the script name. ----- Joe Hourcle |
|
From: Ralph H. <rj...@mo...> - 2001-10-29 11:54:40
|
I forgot to mention that when you have the install-dir correctly set in the configure command, the make install will do the copying and chmod'ing for you. On Mon, 29 Oct 2001, Roberth Edberg wrote: > Hi, > > The "httpd" user runs apache, so this is was my configure: > > ./configure --with-httpd-user=3Dhttpd > > Then I did make, make install. > > I copied the cgiwrap from the make directory to /usr/local/bin and did > chmod 4755 on it. > > Any idea? > > Regards, > > Roberth Edberg > > -----Ursprungligt meddelande----- > Fr=E5n: Ralph Huntington [mailto:rj...@mo...] > Skickat: den 29 oktober 2001 12:21 > Till: Roberth Edberg > Kopia: cgi...@li... > =C4mne: Re: [cgiwrap-users] Bad config? > > > Show us your ./configure command from when you built cgiwrap > > On Mon, 29 Oct 2001, Roberth Edberg wrote: > > > Hi, > > > > I'm new to this list and I have problems to set up "cgiwrap" on a > Apache > > server. The user is named "roberth" and the website is using > > Virtualhost. /cgi-bin is actually /home/roberth/cgi-bin. "cgiwrap" is > > located in /usr/local/bin and httpd.conf has entry: > > > > ScriptAlias /cgi-bin/ /usr/local/bin/cgiwrap/roberth/ > > > > The error is below. Any ideas? > > > > Regards, > > Roberth Edberg > > > > > > CGIWrap Error: Script File Not Found! > > > ------------------------------------------------------------------------ > > -------- > > > > Script File Not Found! > > Server Data: > > Server Administrator/Contact: web...@ro... > > Server Name: robo.dnsalias.net > > Server Port: 80 > > Server Protocol: HTTP/1.1 > > Request Data: > > > > User Agent/Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT > 5.0) > > Request Method: GET > > Remote Address: 193.108.0.9 > > Remote Port: 61358 > > Extra Path Info: /roberth/test.pl > > > > _______________________________________________ > > cgiwrap-users mailing list > > cgi...@li... > > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users > > > |
|
From: Ralph H. <rj...@mo...> - 2001-10-29 11:53:21
|
Hi Roberth, Always write to the list so everyone sees the thread of discussion. Others may have your same question or have insight to offer. Anyway... > The "httpd" user runs apache, so this is was my configure: > > ./configure --with-httpd-user=3Dhttpd You need two more directives, one to tell cgiwrap where it will live and one to tell cgiwrap where the user's cgi-bin dir willl be. =09--with-install-dir=3D/usr/local/bin =09(if that's where you want it) =09--with-cgi-dir=3Dcgi-bin =09(relative to homedir) Those two should do it for you. Good luck!=09- Ralph Visit this URL (or consult the install doc) to see all the config directives: =09http://cgiwrap.unixtools.org/install.html > -----Ursprungligt meddelande----- > Fr=E5n: Ralph Huntington [mailto:rj...@mo...] > Skickat: den 29 oktober 2001 12:21 > Till: Roberth Edberg > Kopia: cgi...@li... > =C4mne: Re: [cgiwrap-users] Bad config? > > > Show us your ./configure command from when you built cgiwrap > > On Mon, 29 Oct 2001, Roberth Edberg wrote: > > > Hi, > > > > I'm new to this list and I have problems to set up "cgiwrap" on a > Apache > > server. The user is named "roberth" and the website is using > > Virtualhost. /cgi-bin is actually /home/roberth/cgi-bin. "cgiwrap" is > > located in /usr/local/bin and httpd.conf has entry: > > > > ScriptAlias /cgi-bin/ /usr/local/bin/cgiwrap/roberth/ > > > > The error is below. Any ideas? > > > > Regards, > > Roberth Edberg > > > > > > CGIWrap Error: Script File Not Found! > > > ------------------------------------------------------------------------ > > -------- > > > > Script File Not Found! > > Server Data: > > Server Administrator/Contact: web...@ro... > > Server Name: robo.dnsalias.net > > Server Port: 80 > > Server Protocol: HTTP/1.1 > > Request Data: > > > > User Agent/Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT > 5.0) > > Request Method: GET > > Remote Address: 193.108.0.9 > > Remote Port: 61358 > > Extra Path Info: /roberth/test.pl > > > > _______________________________________________ > > cgiwrap-users mailing list > > cgi...@li... > > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users > > > |
|
From: Ralph H. <rj...@mo...> - 2001-10-29 11:21:23
|
Show us your ./configure command from when you built cgiwrap On Mon, 29 Oct 2001, Roberth Edberg wrote: > Hi, > > I'm new to this list and I have problems to set up "cgiwrap" on a Apache > server. The user is named "roberth" and the website is using > Virtualhost. /cgi-bin is actually /home/roberth/cgi-bin. "cgiwrap" is > located in /usr/local/bin and httpd.conf has entry: > > ScriptAlias /cgi-bin/ /usr/local/bin/cgiwrap/roberth/ > > The error is below. Any ideas? > > Regards, > Roberth Edberg > > > CGIWrap Error: Script File Not Found! > ------------------------------------------------------------------------ > -------- > > Script File Not Found! > Server Data: > Server Administrator/Contact: web...@ro... > Server Name: robo.dnsalias.net > Server Port: 80 > Server Protocol: HTTP/1.1 > Request Data: > > User Agent/Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) > Request Method: GET > Remote Address: 193.108.0.9 > Remote Port: 61358 > Extra Path Info: /roberth/test.pl > > _______________________________________________ > cgiwrap-users mailing list > cgi...@li... > https://lists.sourceforge.net/lists/listinfo/cgiwrap-users > |
|
From: Roberth E. <rob...@re...> - 2001-10-29 09:42:33
|
Hi, I'm new to this list and I have problems to set up "cgiwrap" on a Apache server. The user is named "roberth" and the website is using Virtualhost. /cgi-bin is actually /home/roberth/cgi-bin. "cgiwrap" is located in /usr/local/bin and httpd.conf has entry: ScriptAlias /cgi-bin/ /usr/local/bin/cgiwrap/roberth/ The error is below. Any ideas? Regards, Roberth Edberg CGIWrap Error: Script File Not Found! ------------------------------------------------------------------------ -------- Script File Not Found! Server Data:=20 Server Administrator/Contact: web...@ro... Server Name: robo.dnsalias.net=20 Server Port: 80=20 Server Protocol: HTTP/1.1=20 Request Data:=20 User Agent/Browser: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)=20 Request Method: GET=20 Remote Address: 193.108.0.9=20 Remote Port: 61358=20 Extra Path Info: /roberth/test.pl=20 |
|
From: Joe H. <on...@dc...> - 2001-10-25 21:14:45
|
A note on mailing list ediquite -- Mail the list, not the person you respond to. Just because I can offer a quick response doesn't mean that I can take the time out to nit-pick your exact implementation, so I'm throwing this back out incase someone else can help you. ----- Joe Hourcle On Thu, 25 Oct 2001 ce...@sm... wrote: > > Hi, > > This is not the ideal solution, as I am hosting hundreds of sites... I > would need all clients to share the same user file or create a different > protected cgi-bin directories for cgiwrap for each of their protected > dirs... I guess there is no other solutions.. > > Is it possible to prevent CGIWRAP from being executed directly with a URL > such as server.com/cgi-bin/cgriwrap/usr/script? > > Thank you, > > cedric > > > > > > http://cgiwrap.unixtools.org/install.html > > > > > > Scroll to the bottom, for 'Password Protected Installation' > > > > ----- > > Joe Hourcle > > > > > |
|
From: Joe H. <on...@dc...> - 2001-10-25 20:34:40
|
On Thu, 25 Oct 2001 ce...@sm... wrote: > > Hi, > > Maybe this hass been discussed eariler but I could not find anything. > > I use CGIWRAP as an handler/action in apache so > http://domain.com/script.cgi is > automatically handled as http://domain.com/cgibin/cgiwrap/user/script.cgi. > > I have directories password protected with .htaccess files and I just > noticed that it was possible to bypass this password protection simply by > using directly > http://domain.com/cgibin/cgiwrap/user/passwordprotecteddir/script.cgi > > I should have thought about it earlier.. Any idea on how to fix this? Can > I place the cgiwrap executable outside of my CGIBIN? http://cgiwrap.unixtools.org/install.html Scroll to the bottom, for 'Password Protected Installation' ----- Joe Hourcle |
|
From: <ce...@sm...> - 2001-10-25 19:48:47
|
Hi, Maybe this hass been discussed eariler but I could not find anything. I use CGIWRAP as an handler/action in apache so http://domain.com/script.cgi is automatically handled as http://domain.com/cgibin/cgiwrap/user/script.cgi. I have directories password protected with .htaccess files and I just noticed that it was possible to bypass this password protection simply by using directly http://domain.com/cgibin/cgiwrap/user/passwordprotecteddir/script.cgi I should have thought about it earlier.. Any idea on how to fix this? Can I place the cgiwrap executable outside of my CGIBIN? Thank you, Cedric |
|
From: Neulinger, N. <nn...@um...> - 2001-10-24 13:43:54
|
-----Original Message----- From: Neulinger, Nathan Sent: Wednesday, October 24, 2001 8:43 AM To: bu...@se... Subject: RE: Apache suexec FYI - cgiwrap will have the same limitation, cause I don't check the aux groups for those same uid/gid limits. -- Nathan > -----Original Message----- > From: Stefanos Harhalakis [mailto:v1...@it...] > Sent: Tuesday, October 23, 2001 4:41 PM > To: bu...@se... > Subject: Apache suexec > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I've noticed something weird when using Apache and the > suexec wrapper. > Suexec is supposed not to change uid/gid to to anything less than > minuid/mingid. This is not so true. > > Suppose we have mingid==100 and a user with gid==0 which > belongs to groups > 123,234,345. Suexec will no execute and script for this user. > > Now suppose we have the same user with gid==123 which > belongs to groups0 > ,234,345. Suexec will execute any cgi without problem. The > running cgi will > be a member of all those groups. > > This can be tested by simply running a shell script which calls id. > > I've found http://bugs.apache.org/index.cgi/full/1001 dated > Sat Aug 16 13:39:01 1997. This is known for a long time but > there is nothing > done. At least there should be a note in the docs. I don't > think that there > exist a case where having gid<mingid is insecure, but being a > member of a > group with gid<mingid is secure. > > <<V13>> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE71eP1beTfnxxoC7oRAnfJAJ93brLvwrkOoyr4IZBzg0rAFFnEdACePPhZ > brpjfoY3/ek04hP8TdBbGqU= > =tAt7 > -----END PGP SIGNATURE----- > |
|
From: Joe H. <on...@dc...> - 2001-10-22 19:03:42
|
On Mon, 22 Oct 2001, Nathan wrote: > I am having a problem creating sub directories with cgi-wrap working. > I think it is becuase of the directories anyways. You forgot to mention if you're having problems with setting up cgiwrap, or if you're having a problem as a user of the system. If you're a user, please contact your local system administrator, as they have most likely disallowed subdirectories. If you're trying to set up yourself, it should allow subdirectories by default -- make sure you don't have the option '--without-script-subdirs' set when you configure. ----- Joe Hourcle |
|
From: Nathan <na...@th...> - 2001-10-22 18:33:44
|
I am having a problem creating sub directories with cgi-wrap working. I = think it is becuase of the directories anyways. Please Help me solve this problem. |
|
From: Daniel W. <da...@pr...> - 2001-10-20 06:54:45
|
Im having a very weird problem with CGIWrap. I need to beable to use the following method effectivly. ScriptAlias /Blurb /blah/cgiwrap Action cgi-wrapper /Blurb/cgiwrap AddHandler cgi-wrapper .cgi=20 Ive managed to recode small parts of the script to get it to run a = script correctly but... When POST data is sent to the script, it can't = read it. If you unfamiliar with how apache goes about sending post data, ill = explain a little. Apache basicaly sends the form data to STDOUT, which will be STDIN on = the receving script. The script then takes the CONTENT_LENGTH enviroment = varible and reads how ever much data CONTENT_LENGTH says there is from = STDIN. Heres the problem, the CONTENT_LENGTH var is set correctly, but nothing = is read from STDIN... Any clues why? Its been done, ive seen it done, i just need some clues as to whats = wrong.=20 The other methods of using CGIWrap, including all that lovely rewrite = will not work in this case. It needs to be completly seamless, with no = differences from normal CGI execution. Also i managed to grab the patched source for Cobalts version.... same = problem... Thanks for your time Danni Wilson Server Admininstrator/Programmer Progressive Ideas da...@pr... |
|
From: Joe H. <on...@dc...> - 2001-10-19 19:27:53
|
On Fri, 19 Oct 2001, Mark Montague wrote:
> On Fri, 19 Oct 2001, Joe Hourcle wrote:
>
> > --with-rewrite=FILE
> > use a file to rewrite user directories
> >
> > Unfortunately, I can't seem to find documentation on what the format of
> > this file is. Can someone point me in the right direction?
>
> The format of the file is lines of the form:
>
> username:relative/path/to/cgi-bin/directory/from/home/directory
Thanks.
> Documentation begins on line 1149 of the file util.c :)
even after a semester of c, and a class that I mistakenly took on cpp
[never again will I forget to check if it's an 'introduction to
programming' type class], I've been kind of shying away from digging
through C code.
Thanks for the reference, though.
> > [I mean, hell, I ideally, I'd love to be able to tell it to completely
> > ignore the password file, and use something else, but without breaking
> > digging through the code, I'm going to assume that it's just using
> > standard system calls, [which doesn't necessarily use the standard
> > password file, of course]]
>
> Well, digging through the code, on line 90 of cgiwrap.c we have:
>
> /* Now, get whatever information that is available about that */
> /* user - fetch this information from the passwd file or NIS */
> if ( !(user = getpwnam(userStr)) )
> {
> MSG_Error_NoSuchUser(userStr);
> }
>
> So you don't need a /etc/passwd file as long as your getpwnam()
> function in the standard library knows where to get user information.
> In other words, your assumption appears to be a valid one.
Well, unfortunately, we're not using a fully standard config [LDAP
authentication of users, but with the 'groups accounts' being maintained
in the password file], so I was just planning on keeping a cgiwrap.allow
file to ensure that the only the accounts for the group, and not the users
would be able to execute files.
[And to make it worse, it's a cluster, and I was hoping to be lazy, and
not have to propogate new users into the password files of each node]
> By the way, many thanks to Nathan for a great program! I think it
> is much better than suEXEC.
Definately. As annoying as the list of options is under './configure
--help', I'm actually finding a few uses where some of the that I've
ignored are becoming necessary [--without-check-group-writable for one]
And, not to mention, that I can't use suExec on netscape servers.
-----
Joe Hourcle
|
2 messages has been excluded from this view by a project administrator.
