OpenBSD Apache and cgi
Hello. Is there anything special I need to do with OpenBSD to get scripts to run in /var/www/cgi-bin?
Here are my settings in httpd.conf ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" <Directory "/var/www/cgi-bin"> AllowOverride None Options +ExecCGI Order allow,deny Allow from all </Directory> #AddHandler cgi-script .cgi AddHandler cgi-script .cgi -rwxr-xr-x 1 root daemon 250288 Sep 30 08:28 getin.cgi -rwxr-xr-x 1 root bin 268 Mar 29 2004 printenv -rwxr-xr-x 1 root bin 757 Mar 29 2004 test-cgi -rwxr-xr-x 1 root daemon 97 Sep 30 08:35 test.cgi None of the above scripts work. I am getting an internal server error. here is the log [Thu Sep 30 08:33:23 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/getin [Thu Sep 30 08:33:54 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/getin.cgi [Thu Sep 30 08:34:28 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/getin.cgi [Thu Sep 30 08:36:03 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/test.cgi [Thu Sep 30 08:36:20 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/test-cgi [Thu Sep 30 08:37:02 2004] [error] [client 198.108.51.11] Premature end of script headers: /cgi-bin/printenv [ All these scripts work from the command line though. Thanks in Advance. Jeempc |
I think it has something to do with chroot. I am still searching google.
Jeempc |
If the CGI scripts call something outside of /var/www, they will not work.
Try searching some of the OpenBSD mailing list archives at marc.theaimsgroup.com for "cgi chroot", or something like that. |
I will check out the link but I know for a fact that they are calling /usr/bin/perl which is typical for a cgi script.
Thanks Jeempc |
"CGI scripts using Perl or another scripting language require the interpreter and support files to be present in the chroot environment. Note that adding scripting languages like Perl severely violates rule 1."
From link above, thanks chort. So it seems that I would need to install perl, or link it somehow which I don't know how to do yet, in the /var/www directory. Does anyone have any experience with this? People must not use OpenBSD for dynamic web servers by default for obvious security reasons. I am still new to all this. I really dig getting a locked down system and opening up for what I need though. I think you learn more than playing with a system that is easy to break. Jeempc |
Quote:
Assuming you understand the added danger of running apache without chroot, you can change your /etc/rc.conf HTTPD line to httpd_flags="-u" You'll have to reboot for your machine to see this. then go into /var/www/cgi-bin and change the permissions on all the scripts to allow execution cd /var/www/cgi-bin chmod a+rx test-cgi chmod a+rx printenv now you can load /cgi-bin/printenv in your browser you'll get your cgi script output |
In OpenBSD, Apache is chrooted by default. Which does not mean that chroot is usable by everybody for all applications. It does mean that OpenBSD is initially configured for minimal risk, and configurations that incur additional risk must be actively chosen.
|
Quote:
|
Quote:
Apache is a web server. Why should it include an interpreted language environment? If you want Perl, just copy all the necessary files. Some people won't use Perl, and they are free to include whatever interpreter and/or libraries they desire in the chroot. |
I have recently install OpenBSD 5.2, and having trouble making cgi work. I tried the instructions in #6 (to run Apache out of chroot), and can't get the printenv perl script to work. My web page "printenv.php" to run the script looks like:
<html> <head> <?php $title="Test printenv cgi"; printf("<title>%s</title>\n", $title); ?> </head> <body> <?php printf("<h2>%s</h2>\n", $title); ?> <form action="/cgi-bin/printenv" method="get"> <input type="submit" name="submit" value="Printenv" </form> </body> </html> Apparently nothing happens when I click the submit button - the web page with the form remains on the screen. Some system information: OpenBSD lightning.local 5.2 GENERIC#278 i386 OpenBSD 5.2 (GENERIC) #278: Wed Aug 1 10:04:16 MDT 2012 deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC Actually this CPU is missing i686 instructions cpu0: VIA Samuel 2 ("CentaurHauls" 686-class) 800 MHz cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX,3DNOW cpu0 at mainbus0: (uniprocessor) real mem = 502788096 (479MB) avail mem = 483713024 (461MB) spdmem0 at iic0 addr 0x50: 256MB DDR SDRAM non-parity PC3200CL3.0 spdmem1 at iic0 addr 0x51: 256MB DDR SDRAM non-parity PC2100CL2.5 Swap information: root on wd0a (a6ebc77e99ef6c87.a) swap on wd0b dump on wd0b Device 512-blocks Used Avail Capacity Priority /dev/wd0b 1430205 0 1430205 0% 0 vga1 at pci1 dev 0 function 0 "VIA CLE266" rev 0x03 |
Oops: I found the problem in my html page #10 - I left off the closing ">" in the <submit > tag. Problem solved.
|
I copied perl into my chroot and run CGIs there.
|
All times are GMT -5. The time now is 02:37 PM. |