[Labs-l] Shell scripts and CGI on Tools

nejuje6tpztluvolq at nym.hush.com nejuje6tpztluvolq at nym.hush.com
Mon Sep 22 19:23:00 UTC 2014


Here is a new server.sh

#!/bin/sh
echo ''
echo 'Hello world'

And running local:

tools.ext-lnk-discover at tools-login:~/www/cgi-bin$ ./server.sh

Hello world
tools.ext-lnk-discover at tools-login:~/www/cgi-bin$

Same problem.

---------- Forwarded message ----------
Date: Mon, 22 Sep 2014 15:12:01 -0400
From: John 
Reply-To: Wikimedia Labs 
To: Wikimedia Labs 
Subject: Re: [Labs-l] Shell scripts and CGI on Tools

What happens when you execute the fcgi script from the terminal. Also
note
you need to send header info to form the HTML output

On Mon, Sep 22, 2014 at 3:09 PM,  wrote:

> File perms are OK
>
> tools.ext-lnk-discover at tools-login:~/www$ ls -ld cgi-bin/
> drwxrwsr-x 2 tools.ext-lnk-discover tools.ext-lnk-discover 4096 Sep
22
> 18:13 cgi-bin/
>
> tools.ext-lnk-discover at tools-login:~/www/cgi-bin$ ls -l
> -rwxr-xr-x 1 tools.ext-lnk-discover tools.ext-lnk-discover 29 Sep 21
21:54
> server.sh
>
> I'm using server.sh as a simple test case to report this bug. The
problem
> exists for Perl scripts also. And there are other accounts on Tools
using
> .sh via CGI see for example
>
> /data/project/catmonitor/.lighttpd.conf
>
> --
> GreenC
>
>
> On 9/22/2014 at 2:56 PM, "John"  wrote:
>
> .sh scripts are evil and should never be run via the web. .sh are
backend
> tools. I would look into either php or python. If you use python I
can lend
> a hand. Otherwise Look at file permissions 403 typcially means that
the
> webservice cannot read the file
>
> On Mon, Sep 22, 2014 at 2:36 PM,  wrote:
>
>> Hello,
>>
>> I've been trying to get this to work for days and am running out of
>> ideas.
>>
>> Attempting to accomplish something simple: Run a /bin/sh script via
CGI
>>
>> The script is called server.sh and contains this:
>>
>>     #!/bin/sh
>>     echo "Hello World"
>>
>> It resides in
/data/project/ext-lnk-discover/public_html/cgi-bin/server.sh
>>
>> The .lighttpd.conf is
>>
>>     debug.log-request-handling = "enable"
>>     static-file.exclude-extensions += ( ".sh" )
>>     $HTTP["url"] =~ "^cgi-bin" {
>>             cgi.assign = ( "" => "" )
>>     }
>>
>>
>> http://tools.wmflabs.org/ext-lnk-discover/cgi-bin/server.sh
>>
>> returns "403 Forbidden"
>>
>> The Lighttpd error.log is long, located in
>> /data/project/ext-lnk-discover/error.log, but the last two lines:
>>
>> 2014-09-22 18:10:19: (mod_compress.c.683) -- handling file as
static file
>> 2014-09-22 18:10:19: (mod_staticfile.c.389) -- NOT handling file as
>> static file, extension forbidden
>>
>> This would suggest .sh extension is the problem, but I changed the
name
>> to .fcgi or whatever doesn't matter get the same error.
>>
>> Maybe I need to use FCGI? New .lighttpd.conf:
>>
>>    fastcgi.server += ( "/" =>
>>      ((
>>        "socket" => "/tmp/ext-lnk-discover-server.sock",
>>        "bin-path" =>
>> "/data/project/ext-lnk-discover/public_html/cgi-bin/server.sh",
>>        "check-local" => "disable",
>>        "max-procs" => 1,
>>       ))
>>    )
>>
>> Error.log now shows:
>>
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1104) the fastcgi-backend
>> /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh failed
to
>> start:
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1108) child exited with status
0
>> /data/project/ext-lnk-discover/public_html/cgi-bin/server.sh
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1111) If you're trying to run
your
>> app as a FastCGI backend, make sure you're using the
FastCGI-enabled
>> version.
>> If this is PHP on Gentoo, add 'fastcgi' to the USE flags.
>> 2014-09-22 18:21:20: (mod_fastcgi.c.1399) [ERROR]: spawning fcgi
failed.
>> 2014-09-22 18:21:20: (server.c.938) Configuration of plugins
failed.
>> Going down.
>>
>> (this happens on webserver restart)
>>
>> ------------
>>
>> I've tried other scripts: bash, Perl and csh with same results.
>>
>> I'm beginning to think the problem is security, perhaps a jailed
shell on
>> the Grid? Any help appreciated!
>> Thanks,
>> GreenC
>>
>> _______________________________________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/labs-l
>>
>>
>
> _______________________________________________
> Labs-l mailing list
> Labs-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/labs-l
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/labs-l/attachments/20140922/96c40b6c/attachment-0001.html>


More information about the Labs-l mailing list