[Labs-l] Shell scripts and CGI on Tools

nejuje6tpztluvolq at nym.hush.com
Mon Sep 22 19:09:09 UTC 2014


File perms are OK

    tools.ext-lnk-discover@tools-login:~/www$ ls -ld cgi-bin/
    drwxrwsr-x 2 tools.ext-lnk-discover tools.ext-lnk-discover 4096 Sep 22 18:13 cgi-bin/

    tools.ext-lnk-discover@tools-login:~/www/cgi-bin$ ls -l
    -rwxr-xr-x 1 tools.ext-lnk-discover tools.ext-lnk-discover 29 Sep 21 21:54 server.sh

I'm using server.sh as a simple test case to report this bug. The
problem exists for Perl scripts also. And there are other accounts on
Tools using .sh via CGI; see for example

/data/project/catmonitor/.lighttpd.conf

--
GreenC

On 9/22/2014 at 2:56 PM, "John" wrote:
.sh scripts are evil and should never be run via the web. .sh are
backend tools. I would look into either php or python. If you use
python I can lend a hand. Otherwise, look at file permissions; 403
typically means that the webservice cannot read the file.

On Mon, Sep 22, 2014 at 2:36 PM,   wrote:
Hello,

I've been trying to get this to work for days and am running out of
ideas. 

Attempting to accomplish something simple: Run a /bin/sh script via
CGI 

The script is called server.sh and contains this:

    #!/bin/sh
    echo "Hello World"

It resides in
/data/project/ext-lnk-discover/public_html/cgi-bin/server.sh

The .lighttpd.conf is 

    debug.log-request-handling = "enable"    
    static-file.exclude-extensions += ( ".sh" )
    $HTTP["url"] =~ "^cgi-bin" {
            cgi.assign = ( "" => "" )
    }

http://tools.wmflabs.org/ext-lnk-discover/cgi-bin/server.sh

returns "403 Forbidden"

The Lighttpd error.log is long, located in
/data/project/ext-lnk-discover/error.log, but the last two lines:

    2014-09-22 18:10:19: (mod_compress.c.683) -- handling file as static file
    2014-09-22 18:10:19: (mod_staticfile.c.389) -- NOT handling file as static file, extension forbidden

This would suggest the .sh extension is the problem, but I changed the
name to .fcgi or whatever; it doesn't matter, I get the same error.

Maybe I need to use FCGI? New .lighttpd.conf:

   fastcgi.server += ( "/" =>
     ((
       "socket" => "/tmp/ext-lnk-discover-server.sock",
       "bin-path" => "/data/project/ext-lnk-discover/public_html/cgi-bin/server.sh",
       "check-local" => "disable",
       "max-procs" => 1,
      ))
   )

Error.log now shows:

    2014-09-22 18:21:20: (mod_fastcgi.c.1104) the fastcgi-backend /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh failed to start:
    2014-09-22 18:21:20: (mod_fastcgi.c.1108) child exited with status 0 /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh
    2014-09-22 18:21:20: (mod_fastcgi.c.1111) If you're trying to run your app as a FastCGI backend, make sure you're using the FastCGI-enabled version.
    If this is PHP on Gentoo, add 'fastcgi' to the USE flags.
    2014-09-22 18:21:20: (mod_fastcgi.c.1399) [ERROR]: spawning fcgi failed.
    2014-09-22 18:21:20: (server.c.938) Configuration of plugins failed. Going down.

(this happens on webserver restart)

------------

I've tried other scripts: bash, Perl and csh with same results.

I'm beginning to think the problem is security, perhaps a jailed shell
on the Grid? Any help appreciated!
Thanks,
GreenC
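
An added example, not part of the original thread: a small Python check of which `$HTTP["url"]` conditionals in a `.lighttpd.conf` apply to a given request path. It shows that the `^cgi-bin` pattern from the posted config does not match a path that begins with `/`, so the `cgi.assign` block inside it is never in effect for that request. Assumptions: Python's `re` stands in for the regex engine lighttpd uses, lighttpd sees the path exactly as it appears in the URL quoted above, and `ANCHORED_CONF` is a constructed variant for comparison.

```python
import re

# $HTTP["url"] <op> "<pattern>" {   -- the conditional form used in the thread
COND_RE = re.compile(r'\$HTTP\["url"\]\s*(=~|!~|==|!=)\s*"((?:[^"\\]|\\.)*)"\s*\{')

# The configuration exactly as posted in the thread.
POSTED_CONF = r'''
debug.log-request-handling = "enable"
static-file.exclude-extensions += ( ".sh" )
$HTTP["url"] =~ "^cgi-bin" {
        cgi.assign = ( "" => "" )
}
'''

# Constructed variant for comparison (not from the thread): pattern anchored
# at the leading slash and including the tool name seen in the URL.
ANCHORED_CONF = r'''
$HTTP["url"] =~ "^/ext-lnk-discover/cgi-bin/" {
        cgi.assign = ( "" => "" )
}
'''

# Path component of the URL quoted in the thread (assumed to reach lighttpd unchanged).
REQUEST_PATH = "/ext-lnk-discover/cgi-bin/server.sh"


def url_conditionals(conf_text):
    """Return (operator, pattern) for each $HTTP["url"] conditional found."""
    return [(m.group(1), m.group(2)) for m in COND_RE.finditer(conf_text)]


def applies(op, pattern, url_path):
    """Evaluate one conditional against a request path."""
    if op in ("==", "!="):
        return (url_path == pattern) == (op == "==")
    matched = re.search(pattern, url_path) is not None
    return matched if op == "=~" else not matched


def check(conf_text, url_path):
    """List every url conditional with whether its block applies to url_path."""
    return [(op, pat, applies(op, pat, url_path))
            for op, pat in url_conditionals(conf_text)]


if __name__ == "__main__":
    for name, conf in (("posted", POSTED_CONF), ("anchored", ANCHORED_CONF)):
        for op, pat, hit in check(conf, REQUEST_PATH):
            print(f"{name}: {op} {pat!r} applies={hit}")
```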
