failed to execute system command from CGI program
I have CGI program (written in C) that runs from apache server (2.22).
As a part of program flow, there are some commands that the program suppose to execute (grep, mutt). When I run this program mnually it works, but when it runs as a URL (https://myhost.mydomain/cgi-bin/myprogram) any system command is not executing without generating error message.
I tried to create some log file where the output and error messages should be written (such as system("/bin/grep XXX file > /tmp/grep.log 2>&1")) but no log file was created.
1. Your program may have a different PATH or other environment when run as CGI which prevents it from working.
2. Output from it may be visible in the apache error log.
3. Building commands to run in a shell ( system(...) ) using remote input from web users is dangerous and you'd be safer using Perl in taint mode and with system() in Perl's list format. If you must use C use execv() rather than system() so that input isn't given to a shell. More detail at http://cwe.mitre.org/top25/index.html#CWE-78
4. Is apache using a chroot so that /tmp/grep.log is in a place you didn't look and it might lack permissions for?
Thanks for answering!
My program is not executing commands based on remote input from users, it just executes few system commands based on program logic.
The "commands" (grep and mutt) are in the PATH of the server, hovewer probably I need to check the chroot in apache configuration for the user...
I probably will try execv or popen/pclose.
fork + execv solved the problem,
|All times are GMT -5. The time now is 03:27 PM.|