Received: (qmail 29179 invoked by uid 2012); 21 Jun 1999 04:09:45 -0000 Message-Id: <19990621040945.29178.qmail@hyperreal.org> Date: 21 Jun 1999 04:09:45 -0000 From: Dominik Slusarczyk Reply-To: dslusarc@blizzardgames.com To: apbugs@hyperreal.org Subject: #exec cmd does not work, even after applying patch. X-Send-Pr-Version: 3.2 >Number: 4617 >Category: mod_include >Synopsis: #exec cmd does not work, even after applying patch. >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sun Jun 20 21:10:01 PDT 1999 >Last-Modified: >Originator: dslusarc@blizzardgames.com >Organization: apache >Release: 1.3.6 >Environment: [root@blizzardgames.com support]# uname -a Linux caligula.blizzardgames.com 2.0.36 #4 Fri Mar 12 15:32:15 EST 1999 i686 [root@blizzardgames.com support]# gcc -v Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/2.7.2.3/specs gcc version 2.7.2.3 >Description: does not work. It yields no SSI error to the output (I normally expect [an error has occurred processing this directive.]). It logs no errors. The error only occurs when I include an ABSOLUTE PATH after the cmd=. For example, my scenario: File list.shtml is in /home/ducky/www/. File nlist.cgi, an executable binary with mode 755, is in /home/ducky/www/nlist/. I have the following two directives in /home/ducky/www/list.shtml: This works properly. This does not work. It produces no output. When I execute /home/ducky/www/nlist/nlist.cgi from the directory of list.shtml (/home/ducky/www), bash gives me no errors. It runs the program and places its output in the terminal. The problem is not caused because there are two directives in the single file; I have tried separating them. I have tried adding and removing a Content-type header to my program's output (though I notice that if a content-type header is added, it is printed into the HTML, which leads me to believe that a content-type header is not expected, rightly, when executing a command with /bin/bash). I noticed that other people have submitted several bug reports with very similar circumstances. Apache on my machine is also compiled with suEXEC. I have tried applying the patch mentioned in bug reports 4111 and 4412 with original suexec.c and suexec.h files. The patch did not appear to work completely. The output that I recieved from the patch command: [root@blizzardgames.com support]# patch < /root/suexec_patch_apache patching file `suexec.c' Hunk #1 succeeded at 434 (offset 11 lines). Hunk #3 succeeded at 479 (offset 11 lines). Hunk #5 succeeded at 531 (offset 12 lines). patching file `suexec.h' Hunk #1 succeeded at 140 (offset 1 line). (Hunks 2 and 4 apparently failed. My co-admin tried doing them manually, but the problem was still not fixed.) I hope that I have given you all required information. Alert me if otherwise. >How-To-Repeat: On Apache 1.3.6 (I am not sure if suEXEC is "required" for the bug; I never worked on Apache without suEXEC), simply put an #exec cmd tag with an absolute path and a filename into a ssi-parsed document. >Fix: I do not know what causes this problem. I am aware that certain other web servers perform #exec cmd commands without including the output in the HTML document; to have the output included, a special #config tag is needed. However, this does not seem to be the case with Apache becuase I find no mention of this in the docs, the #config directive suggested produces an SSI error, and, most importantly, the #exec cmd WORKS when an relative path, rather than an absolute path, is given. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]