[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
CGI problem in OpenBSD 3.2
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: CGI problem in OpenBSD 3.2
- From: "dreamwvr_(_at_)_dreamwvr_(_dot_)_com" <dreamwvr_(_at_)_dreamwvr_(_dot_)_com>
- Date: Sat, 15 Mar 2003 19:44:46 -0700
helo;
Here is a diff for the faq10.html It most likely needs a bit
of english. However I think it would be useful and eliminate
lots of posts regarding this issue.
Best Regards,
dreamwvr_(_at_)_dreamwvr_(_dot_)_com
-
/* Security is a work in progress - dreamwvr */
#
# Note: To begin Journey type man afterboot,man help,man hier[.]
#
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \? ;-]
--- faq10.html.orig Tue Mar 11 13:12:56 2003
+++ faq10.html Sat Mar 15 19:28:20 2003
@@ -37,8 +37,9 @@
<li><a href="#ftpchroot" >10.14 - Confining users to their home directories in ftpd(8)</a>
<li><a href="#Patches" >10.15 - Applying patches in OpenBSD</a>
<li><a href="#httpdchroot" >10.16 - Tell me about chroot() Apache?</a>
-<li><a href="#rootshell" >10.17 - I don't like the standard root shell!</a>
-<li><a href="#ksh" >10.18 - What else can I do with ksh?</a>
+<li><a href="#cgiperlchroot" >10.17 - How do I get PERL CGIs working using chrooted Apache?</a>
+<li><a href="#rootshell" >10.18 - I don't like the standard root shell!</a>
+<li><a href="#ksh" >10.19 - What else can I do with ksh?</a>
</ul>
<hr>
@@ -841,9 +842,8 @@
<blockquote><pre>
# <strong>cat krb.realms</strong>
-avalanche.ciarasystems.com >
-<HR><H3>Transfer interrupted!</H3>
- CIARASYSTEMS.COM
+avalanche.ciarasystems.com CIARASYSTEMS.COM
+.ciarasystems.com CIARASYSTEMS.COM
</pre></blockquote>
<p>
@@ -1620,7 +1620,6 @@
non-trivial and requires considerable programming knowledge -- most
users will find it easier to just disable the chroot(2) feature until
they are updated.
-
</ul>
In some cases, the application or configuration can be altered to run
@@ -1628,8 +1627,32 @@
feature using the <tt>-u</tt> option for httpd(8) in
<i><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=rc.conf&sektion=8";>/etc/rc.conf</a></i>
+<a name="cgiperlchroot"></a>
+<h2>10.17 - How do I get PERL CGIs working using chrooted Apache?</h2>
+<p>
+Here is a way to enable PERL interpreted CGIs in chrooted Apache environment.
+As indicated previously you need to examine each of your CGI programs on a case by case basis.
+Since what each CGI program does may very well be prohibited in the chroot environment. This
+also does not mean you are immune to badly written CGI programs. Any problems have just shifted
+further up the {tree,creek}. First consider ModPerl then if CGI is still a
+requirement due to the breadth of platforms etc see below.
+
+<br>
+Specifically proceed as follows: <br>
+<br>
+#mkdir -p /var/www/usr/{lib,libexec}<br>
+#for p in /usr/lib/libperl.so.* /usr/lib/libm.so.* \
+#/usr/lib/libc.so.* /usr/lib/libutil.so.*;<br>
+#do<br>
+#cp -p $i /var/www/usr/lib<br>
+#done;<br>
+#cd /usr/libexec && cp -p ld.so /var/www/usr/libexec/ld.so <br><br>
+That it your done!<br>
+<br>
+hint: Remember to test printenv located in /var/www/cgi-bin as normal user. Disable printenv
+when complete.<br>
<a name="rootshell"></a>
-<h2>10.17 - I don't like the standard root shell!</h2>
+<h2>10.18 - I don't like the standard root shell!</h2>
The default shell for <i>root</i> on OpenBSD is
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=csh&sektion=1";>csh</a>,
due primarily to tradition. There is no requirement that OpenBSD have
@@ -1676,7 +1699,7 @@
issue -- just don't log in as root.
<a name="ksh"></a>
-<h2>10.18 - What else can I do with <i>ksh</i>?</h2>
+<h2>10.19 - What else can I do with <i>ksh</i>?</h2>
In OpenBSD,
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ksh&sektion=1";>ksh</a>
is <a href="http://web.cs.mun.ca/~michael/pdksh/";>pdksh</a>, the Public
Visit your host, monkey.org