LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   *BSD (http://www.linuxquestions.org/questions/%2Absd-17/)
-   -   OpenBSD Apache and cgi (http://www.linuxquestions.org/questions/%2Absd-17/openbsd-apache-and-cgi-237129/)

jeempc 09-30-2004 12:16 PM

OpenBSD Apache and cgi
 
Hello. Is there anything special I need to do with OpenBSD to get scripts to run in /var/www/cgi-bin?

Here are my settings in httpd.conf

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

<Directory "/var/www/cgi-bin">
AllowOverride None
Options +ExecCGI
Order allow,deny
Allow from all
</Directory>

#AddHandler cgi-script .cgi
AddHandler cgi-script .cgi

-rwxr-xr-x 1 root daemon 250288 Sep 30 08:28 getin.cgi
-rwxr-xr-x 1 root bin 268 Mar 29 2004 printenv
-rwxr-xr-x 1 root bin 757 Mar 29 2004 test-cgi
-rwxr-xr-x 1 root daemon 97 Sep 30 08:35 test.cgi

None of the above scripts work. I am getting an internal server error.

here is the log

[Thu Sep 30 08:33:23 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/getin
[Thu Sep 30 08:33:54 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/getin.cgi
[Thu Sep 30 08:34:28 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/getin.cgi
[Thu Sep 30 08:36:03 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/test.cgi
[Thu Sep 30 08:36:20 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/test-cgi
[Thu Sep 30 08:37:02 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/printenv
[

All these scripts work from the command line though.

Thanks in Advance.

Jeempc

jeempc 09-30-2004 03:44 PM

I think it has something to do with chroot. I am still searching google.

Jeempc

chort 09-30-2004 05:55 PM

If the CGI scripts call something outside of /var/www, they will not work.

Try searching some of the OpenBSD mailing list archives at marc.theaimsgroup.com for "cgi chroot", or something like that.

jeempc 09-30-2004 08:01 PM

I will check out the link but I know for a fact that they are calling /usr/bin/perl which is typical for a cgi script.

Thanks

Jeempc

jeempc 09-30-2004 10:24 PM

"CGI scripts using Perl or another scripting language require the interpreter and support files to be present in the chroot environment. Note that adding scripting languages like Perl severely violates rule 1."

From link above, thanks chort.

So it seems that I would need to install perl, or link it somehow which I don't know how to do yet, in the /var/www directory. Does anyone have any experience with this?
People must not use OpenBSD for dynamic web servers by default for obvious security reasons. I am still new to all this.
I really dig getting a locked down system and opening up for what I need though. I think you learn more than playing with a system that is easy to break.

Jeempc

ziggy 02-13-2011 02:44 PM

Quote:

Originally Posted by jeempc (Post 1207014)
Hello. Is there anything special I need to do with OpenBSD to get scripts to run in /var/www/cgi-bin?



Been a few years since question asked, nevertheless this is answer with high search engine ranking though no one answered the question!

Assuming you understand the added danger of running apache without chroot, you can change your /etc/rc.conf HTTPD line to


httpd_flags="-u"

You'll have to reboot for your machine to see this.

then go into /var/www/cgi-bin and change the permissions on all the scripts to allow execution

cd /var/www/cgi-bin
chmod a+rx test-cgi
chmod a+rx printenv


now you can load /cgi-bin/printenv in your browser

you'll get your cgi script output

girarde 02-16-2011 04:01 PM

In OpenBSD, Apache is chrooted by default. Which does not mean that chroot is usable by everybody for all applications. It does mean that OpenBSD is initially configured for minimal risk, and configurations that incur additional risk must be actively chosen.

ziggy 02-17-2011 12:54 AM

Quote:

Originally Posted by girarde (Post 4260767)
In OpenBSD, Apache is chrooted by default. Which does not mean that chroot is usable by everybody for all applications. It does mean that OpenBSD is initially configured for minimal risk, and configurations that incur additional risk must be actively chosen.

I've been using OpenBSD for ten years, love it and donate the price of CD every six months when I download update.... BUT....that's just wrong to provide an audited, pro-policed and bug fixed apache but not the means to even run the included cgi-bin files. That's half-keistered, and one solution would be to provide a language interpreter within the chrooted jail. There are two obvious ways to do that. Better than "secure by default" is "provide secure conventions for doing actual work".

owda 03-14-2011 04:12 AM

Quote:

Originally Posted by ziggy (Post 4261140)
...that's just wrong to provide an audited, pro-policed and bug fixed apache but not the means to even run the included cgi-bin files. That's half-keistered, and one solution would be to provide a language interpreter within the chrooted jail.

I just checked my /var/www/cgi-bin directory on OpenBSD 4.8. The only useful program there is bgplg(8), which is an ELF binary "intended to be used in a chroot(2) environment" -- so all libraries are statically linked. This will run on a default installation. There are also two testing scripts (one Perl, the other /bin/sh).

Apache is a web server. Why should it include an interpreted language environment?

If you want Perl, just copy all the necessary files. Some people won't use Perl, and they are free to include whatever interpreter and/or libraries they desire in the chroot.

velikij 11-25-2012 02:15 PM

I have recently install OpenBSD 5.2, and having trouble making cgi work. I tried the instructions in #6 (to run Apache out of chroot), and can't get the printenv perl script to work. My web page "printenv.php" to run the script looks like:

<html>
<head>
<?php
$title="Test printenv cgi";
printf("<title>%s</title>\n", $title);
?>
</head>
<body>
<?php printf("<h2>%s</h2>\n", $title); ?>
<form action="/cgi-bin/printenv" method="get">
<input type="submit" name="submit" value="Printenv"
</form>

</body>
</html>

Apparently nothing happens when I click the submit button - the web page with the form remains on the screen.

Some system information:

OpenBSD lightning.local 5.2 GENERIC#278 i386
OpenBSD 5.2 (GENERIC) #278: Wed Aug 1 10:04:16 MDT 2012
deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
Actually this CPU is missing i686 instructions
cpu0: VIA Samuel 2 ("CentaurHauls" 686-class) 800 MHz
cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX,3DNOW
cpu0 at mainbus0: (uniprocessor)
real mem = 502788096 (479MB)
avail mem = 483713024 (461MB)
spdmem0 at iic0 addr 0x50: 256MB DDR SDRAM non-parity PC3200CL3.0
spdmem1 at iic0 addr 0x51: 256MB DDR SDRAM non-parity PC2100CL2.5
Swap information:
root on wd0a (a6ebc77e99ef6c87.a) swap on wd0b dump on wd0b
Device 512-blocks Used Avail Capacity Priority
/dev/wd0b 1430205 0 1430205 0% 0
vga1 at pci1 dev 0 function 0 "VIA CLE266" rev 0x03

velikij 11-25-2012 02:41 PM

Oops: I found the problem in my html page #10 - I left off the closing ">" in the <submit > tag. Problem solved.

linosaurusroot 11-25-2012 03:48 PM

I copied perl into my chroot and run CGIs there.


All times are GMT -5. The time now is 01:56 PM.