And finally, Conclusion.
(A: Section 6 below: Why is the system uptime string not displayed when the cgi script is run under chroot?) /bin/sh is needed at chroot for command interpretation. (B: Section 4 below: Why does running uptime program under chroot yield time that is not accurate? 6:54PM while the actual time was 9:54PM produced by running uptime as root immediately after.) /etc/localtime is needed at chroot for correct local time. (by Alexander) /********************************************************/ # chroot -u www /var/www /cgi-bin/myuptimer.cgi Content-Type: text/plain;charset=us-ascii 1:31PM up 3:24, 1 user, load averages: 0.06, 0.08, 0.08 /********************************************************/ However, the cron script workaround (by Raul) should be adopted for security reasons as suggested unanimously. Thanks to all. Kihaguru On Mon, Sep 26, 2016 at 7:19 PM, Stuart Henderson <s...@spacehopper.org> wrote: > On 2016-09-25, Kihaguru Gathura <kihaguru.nje...@gmail.com> wrote: > > Thank you for ongoing suggestions, The web server in use is OpenBSD httpd > > and on a private network environment in perspective of security concerns. > > Raul's suggestion, "A simple workaround might be to create a cron script > which writes uptime to a file once a minute", seems far saner from a > security point of view than letting anyone who can hit port 80 execute > a program.
