FTP wrote:
I installed openwebmail from the ports and when trying to launch:
http://your_server/cgi-bin/openwebmail/openwebmail.pl
I get a 500 error. I suppose that this is due to the chrooted apache
but how do I find the dependencies for a perl script?
1) you think really hard about what a program does and how it does it.
* It runs as setuid root, so it can jump to any logged in user to fetch
their mail. (hint: chrooting a suid root program is kinda pointless)
* It accesses /var/mail (can't recall if directly or via pop3)
* It accesses Sendmail binary directly (another setuid root program).
* it accesses /home/* directly
(that's from memory, from a few years back's version. I suspect there
is a lot more. Some details may have changed, including my memory)
2) you think really hard about how much of the system you would have to
pull into the chroot to do what you want.
* Too much dangerous stuff...and much of the file system. The benefit
of chrooting is mostly lost.
3) Decide if the effort is worth it.
* No, it isn't IN THIS CASE. Give it up.
See the last sentence in:
http://www.openbsd.org/faq/faq10.html#httpdchroot
OpenWebmail is one of these apps. Making it work in a chroot would
require a major rewrite and restructure, not simply copying files
over...then you STILL have to trust the mechanism used to do those
root-like things.
(contrast this to Squirrelmail, which does (amazingly) run in a chroot
relatively easily...but then, Squirrelmail uses an IMAP server to move
your mail data around...so instead of worrying about a "hole" in Apache
or the web-app, you have to worry about a hole in your IMAP server)
Nick.
