[Labs-l] Shell scripts and CGI on Tools

John phoenixoverride at gmail.com
Mon Sep 22 19:12:01 UTC 2014


What happens when you execute the fcgi script from the terminal. Also note
you need to send header info to form the HTML output

On Mon, Sep 22, 2014 at 3:09 PM, <nejuje6tpztluvolq at nym.hush.com> wrote:

> File perms are OK
>
> tools.ext-lnk-discover at tools-login:~/www$ ls -ld cgi-bin/
> drwxrwsr-x 2 tools.ext-lnk-discover tools.ext-lnk-discover 4096 Sep 22
> 18:13 cgi-bin/
>
> tools.ext-lnk-discover at tools-login:~/www/cgi-bin$ ls -l
> -rwxr-xr-x 1 tools.ext-lnk-discover tools.ext-lnk-discover 29 Sep 21 21:54
> server.sh
>
> I'm using server.sh as a simple test case to report this bug. The problem
> exists for Perl scripts also. And there are other accounts on Tools using
> .sh via CGI see for example
>
> /data/project/catmonitor/.lighttpd.conf
>
> --
> GreenC
>
>
> On 9/22/2014 at 2:56 PM, "John" <phoenixoverride at gmail.com> wrote:
>
> .sh scripts are evil and should never be run via the web. .sh are backend
> tools. I would look into either php or python. If you use python I can lend
> a hand. Otherwise Look at file permissions 403 typcially means that the
> webservice cannot read the file
>
> On Mon, Sep 22, 2014 at 2:36 PM, <nejuje6tpztluvolq at nym.hush.com> wrote:
>
>> Hello,
>>
>> I've been trying to get this to work for days and am running out of
>> ideas.
>>
>> Attempting to accomplish something simple: Run a /bin/sh script via CGI
>>
>> The script is called server.sh and contains this:
>>
>>     #!/bin/sh
>>     echo "Hello World<br>"
>>
>> It resides in /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh
>>
>> The .lighttpd.conf is
>>
>>     debug.log-request-handling = "enable"
>>     static-file.exclude-extensions += ( ".sh" )
>>     $HTTP["url"] =~ "^cgi-bin" {
>>             cgi.assign = ( "" => "" )
>>     }
>>
>>
>> http://tools.wmflabs.org/ext-lnk-discover/cgi-bin/server.sh
>>
>> returns "403 Forbidden"
>>
>> The Lighttpd error.log is long, located in
>> /data/project/ext-lnk-discover/error.log, but the last two lines:
>>
>> 2014-09-22 18:10:19: (mod_compress.c.683) -- handling file as static file
>> 2014-09-22 18:10:19: (mod_staticfile.c.389) -- NOT handling file as
>> static file, extension forbidden
>>
>> This would suggest .sh extension is the problem, but I changed the name
>> to .fcgi or whatever doesn't matter get the same error.
>>
>> Maybe I need to use FCGI? New .lighttpd.conf:
>>
>>    fastcgi.server += ( "/" =>
>>      ((
>>        "socket" => "/tmp/ext-lnk-discover-server.sock",
>>        "bin-path" =>
>> "/data/project/ext-lnk-discover/public_html/cgi-bin/server.sh",
>>        "check-local" => "disable",
>>        "max-procs" => 1,
>>       ))
>>    )
>>
>> Error.log now shows:
>>
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1104) the fastcgi-backend
>> /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh failed to
>> start:
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1108) child exited with status 0
>> /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1111) If you're trying to run your
>> app as a FastCGI backend, make sure you're using the FastCGI-enabled
>> version.
>> If this is PHP on Gentoo, add 'fastcgi' to the USE flags.
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1399) [ERROR]: spawning fcgi failed.
>> 2014-09-22 18:21:20: (server.c.938) Configuration of plugins failed.
>> Going down.
>>
>> (this happens on webserver restart)
>>
>> ------------
>>
>> I've tried other scripts: bash, Perl and csh with same results.
>>
>> I'm beginning to think the problem is security, perhaps a jailed shell on
>> the Grid? Any help appreciated!
>> Thanks,
>> GreenC
>>
>> _______________________________________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/labs-l
>>
>>
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/labs-l/attachments/20140922/a5ca9e28/attachment.html>


More information about the Labs-l mailing list