LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices

Reply
 
Search this Thread
Old 09-30-2004, 01:16 PM   #1
jeempc
Member
 
Registered: Mar 2003
Location: Ann Arbor, MI
Distribution: Slackware 10.1
Posts: 119

Rep: Reputation: 15
OpenBSD Apache and cgi


Hello. Is there anything special I need to do with OpenBSD to get scripts to run in /var/www/cgi-bin?

Here are my settings in httpd.conf

ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

<Directory "/var/www/cgi-bin">
AllowOverride None
Options +ExecCGI
Order allow,deny
Allow from all
</Directory>

#AddHandler cgi-script .cgi
AddHandler cgi-script .cgi

-rwxr-xr-x 1 root daemon 250288 Sep 30 08:28 getin.cgi
-rwxr-xr-x 1 root bin 268 Mar 29 2004 printenv
-rwxr-xr-x 1 root bin 757 Mar 29 2004 test-cgi
-rwxr-xr-x 1 root daemon 97 Sep 30 08:35 test.cgi

None of the above scripts work. I am getting an internal server error.

here is the log

[Thu Sep 30 08:33:23 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/getin
[Thu Sep 30 08:33:54 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/getin.cgi
[Thu Sep 30 08:34:28 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/getin.cgi
[Thu Sep 30 08:36:03 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/test.cgi
[Thu Sep 30 08:36:20 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/test-cgi
[Thu Sep 30 08:37:02 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/printenv
[

All these scripts work from the command line though.

Thanks in Advance.

Jeempc
 
Old 09-30-2004, 04:44 PM   #2
jeempc
Member
 
Registered: Mar 2003
Location: Ann Arbor, MI
Distribution: Slackware 10.1
Posts: 119

Original Poster
Rep: Reputation: 15
I think it has something to do with chroot. I am still searching google.

Jeempc
 
Old 09-30-2004, 06:55 PM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
If the CGI scripts call something outside of /var/www, they will not work.

Try searching some of the OpenBSD mailing list archives at marc.theaimsgroup.com for "cgi chroot", or something like that.
 
Old 09-30-2004, 09:01 PM   #4
jeempc
Member
 
Registered: Mar 2003
Location: Ann Arbor, MI
Distribution: Slackware 10.1
Posts: 119

Original Poster
Rep: Reputation: 15
I will check out the link but I know for a fact that they are calling /usr/bin/perl which is typical for a cgi script.

Thanks

Jeempc
 
Old 09-30-2004, 11:24 PM   #5
jeempc
Member
 
Registered: Mar 2003
Location: Ann Arbor, MI
Distribution: Slackware 10.1
Posts: 119

Original Poster
Rep: Reputation: 15
"CGI scripts using Perl or another scripting language require the interpreter and support files to be present in the chroot environment. Note that adding scripting languages like Perl severely violates rule 1."

From link above, thanks chort.

So it seems that I would need to install perl, or link it somehow which I don't know how to do yet, in the /var/www directory. Does anyone have any experience with this?
People must not use OpenBSD for dynamic web servers by default for obvious security reasons. I am still new to all this.
I really dig getting a locked down system and opening up for what I need though. I think you learn more than playing with a system that is easy to break.

Jeempc
 
Old 02-13-2011, 03:44 PM   #6
ziggy
LQ Newbie
 
Registered: Feb 2011
Location: chicago IL USA
Distribution: ubuntu,debian,centos,redhat,openbsd
Posts: 2

Rep: Reputation: 0
Lightbulb

Quote:
Originally Posted by jeempc View Post
Hello. Is there anything special I need to do with OpenBSD to get scripts to run in /var/www/cgi-bin?


Been a few years since question asked, nevertheless this is answer with high search engine ranking though no one answered the question!

Assuming you understand the added danger of running apache without chroot, you can change your /etc/rc.conf HTTPD line to


httpd_flags="-u"

You'll have to reboot for your machine to see this.

then go into /var/www/cgi-bin and change the permissions on all the scripts to allow execution

cd /var/www/cgi-bin
chmod a+rx test-cgi
chmod a+rx printenv


now you can load /cgi-bin/printenv in your browser

you'll get your cgi script output
 
Old 02-16-2011, 05:01 PM   #7
girarde
Member
 
Registered: Oct 2007
Distribution: OpenBSD
Posts: 71

Rep: Reputation: 23
In OpenBSD, Apache is chrooted by default. Which does not mean that chroot is usable by everybody for all applications. It does mean that OpenBSD is initially configured for minimal risk, and configurations that incur additional risk must be actively chosen.
 
Old 02-17-2011, 01:54 AM   #8
ziggy
LQ Newbie
 
Registered: Feb 2011
Location: chicago IL USA
Distribution: ubuntu,debian,centos,redhat,openbsd
Posts: 2

Rep: Reputation: 0
Quote:
Originally Posted by girarde View Post
In OpenBSD, Apache is chrooted by default. Which does not mean that chroot is usable by everybody for all applications. It does mean that OpenBSD is initially configured for minimal risk, and configurations that incur additional risk must be actively chosen.
I've been using OpenBSD for ten years, love it and donate the price of CD every six months when I download update.... BUT....that's just wrong to provide an audited, pro-policed and bug fixed apache but not the means to even run the included cgi-bin files. That's half-keistered, and one solution would be to provide a language interpreter within the chrooted jail. There are two obvious ways to do that. Better than "secure by default" is "provide secure conventions for doing actual work".
 
Old 03-14-2011, 05:12 AM   #9
owda
Registered User
 
Registered: Jun 2009
Location: United Kingdom
Distribution: FreeBSD, OpenBSD
Posts: 1

Rep: Reputation: 0
Quote:
Originally Posted by ziggy View Post
...that's just wrong to provide an audited, pro-policed and bug fixed apache but not the means to even run the included cgi-bin files. That's half-keistered, and one solution would be to provide a language interpreter within the chrooted jail.
I just checked my /var/www/cgi-bin directory on OpenBSD 4.8. The only useful program there is bgplg(8), which is an ELF binary "intended to be used in a chroot(2) environment" -- so all libraries are statically linked. This will run on a default installation. There are also two testing scripts (one Perl, the other /bin/sh).

Apache is a web server. Why should it include an interpreted language environment?

If you want Perl, just copy all the necessary files. Some people won't use Perl, and they are free to include whatever interpreter and/or libraries they desire in the chroot.
 
Old 11-25-2012, 03:15 PM   #10
velikij
Member
 
Registered: Oct 2005
Location: Santa Cruz, CA, USA
Distribution: Ubuntu Precise, Xubuntu Precise, Debian 6.0, Slackware 14, others.
Posts: 34

Rep: Reputation: 0
Unhappy

I have recently install OpenBSD 5.2, and having trouble making cgi work. I tried the instructions in #6 (to run Apache out of chroot), and can't get the printenv perl script to work. My web page "printenv.php" to run the script looks like:

<html>
<head>
<?php
$title="Test printenv cgi";
printf("<title>%s</title>\n", $title);
?>
</head>
<body>
<?php printf("<h2>%s</h2>\n", $title); ?>
<form action="/cgi-bin/printenv" method="get">
<input type="submit" name="submit" value="Printenv"
</form>

</body>
</html>

Apparently nothing happens when I click the submit button - the web page with the form remains on the screen.

Some system information:

OpenBSD lightning.local 5.2 GENERIC#278 i386
OpenBSD 5.2 (GENERIC) #278: Wed Aug 1 10:04:16 MDT 2012
deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
Actually this CPU is missing i686 instructions
cpu0: VIA Samuel 2 ("CentaurHauls" 686-class) 800 MHz
cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX,3DNOW
cpu0 at mainbus0: (uniprocessor)
real mem = 502788096 (479MB)
avail mem = 483713024 (461MB)
spdmem0 at iic0 addr 0x50: 256MB DDR SDRAM non-parity PC3200CL3.0
spdmem1 at iic0 addr 0x51: 256MB DDR SDRAM non-parity PC2100CL2.5
Swap information:
root on wd0a (a6ebc77e99ef6c87.a) swap on wd0b dump on wd0b
Device 512-blocks Used Avail Capacity Priority
/dev/wd0b 1430205 0 1430205 0% 0
vga1 at pci1 dev 0 function 0 "VIA CLE266" rev 0x03
 
Old 11-25-2012, 03:41 PM   #11
velikij
Member
 
Registered: Oct 2005
Location: Santa Cruz, CA, USA
Distribution: Ubuntu Precise, Xubuntu Precise, Debian 6.0, Slackware 14, others.
Posts: 34

Rep: Reputation: 0
Oops: I found the problem in my html page #10 - I left off the closing ">" in the <submit > tag. Problem solved.
 
Old 11-25-2012, 04:48 PM   #12
linosaurusroot
Member
 
Registered: Oct 2012
Distribution: OpenSuSE,RHEL,Fedora,OpenBSD
Posts: 845
Blog Entries: 2

Rep: Reputation: 212Reputation: 212Reputation: 212
I copied perl into my chroot and run CGIs there.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing document root in Apache on OpenBSD 3.8 klemen *BSD 2 09-23-2005 03:56 AM
Problem excuting cgi script in OpenBSD gani *BSD 3 05-26-2005 07:40 AM
CGI and Apache Sevoma Linux - Software 7 02-06-2005 06:55 PM
apache and cgi hward Linux - Newbie 5 06-09-2004 04:53 AM
apache v2.0.44 + cgi ; securing cgi-support in apache markus1982 Linux - General 0 01-20-2003 02:03 PM


All times are GMT -5. The time now is 03:40 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration