Re: [users@httpd] Apache is unable to access /tmp in any way
I remember I have provided them in my first email. The server had only 3 lines of log except startup information. > [authz_core:debug] [pid 4469:tid 140408108734144] mod_authz_core.c(815): [client 127.0.0.1:37804] AH01626: authorization result of Require all denied: denied > [authz_core:debug] [pid 4469:tid 140408108734144] mod_authz_core.c(815): [client 127.0.0.1:37804] AH01626: authorization result of : denied > [authz_core:error] [pid 4469:tid 140408108734144] [client 127.0.0.1:37804] AH01630: client denied by server configuration: /tmp/http On 2/16/23 00:35, Eric Covener wrote: ErrorLog entry: I mean the contents of the log. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] cannot run test program while cross compiling
I can't find any trace tho.. can you suggest? Added build options --- configure: summary of build options: Server Version: 2.5.1 Install prefix: /usr/local/apache2 C compiler: aarch64-gnu-linux-gcc -march=armv8-a+crc -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security --sysroot=/opt/drive5-linux/5.0.40.0-29154167/s ysroots/aarch64-gnu-linux CFLAGS: -O2 -pipe -g -feliminate-unused-debug-types -fno-diagnostics-show-caret CPPFLAGS: -DLINUX -D_REENTRANT -D_GNU_SOURCE LDFLAGS: -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fstack-protector-strong -Wl,-z,relro,-z,now LIBS: C preprocessor: aarch64-gnu-linux-gcc -E -march=armv8-a+crc -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security --sysroot=/opt/drive5-linux/5.0.40.0-2915416 --- -Original Message- From: "유원석" To: ; Cc: Sent: 2023-02-15 (수) 18:20:09 (GMT+09:00) Subject: Re: [users@httpd] cannot run test program while cross compiling No, so I tried and all compiles process works I moved httpd and what should be required to the target and it fails with core dumped It seems no log there I have no clue about what i should do next Thank you -Original Message- From: "Vladimir Chlup" To: ; Cc: Sent: 2023-02-15 (수) 17:07:41 (GMT+09:00) Subject: Re: [users@httpd] cannot run test program while cross compiling Hello, Did you try to rename `aarch64-linux-libtool` to `libtool`? Regards, On Wed, Feb 15, 2023 at 1:35 AM 유원석 wrote: Thank you for your supports I pass through but having new error in make command. "libtool: command not found" But the thing is libtool-bin's been installed by sudo apt install command, so as to run configure command which had an error about libtool not found as well. but now it seems like trying to find it in httpd directory in make command Regards -Original Message- From: "Yann Ylavic" To: ; Cc: Sent: 2023-02-15 (수) 03:01:10 (GMT+09:00) Subject: Re: [users@httpd] cannot run test program while cross compiling On Tue, Feb 14, 2023 at 6:56 PM Yann Ylavic wrote: > > On Tue, Feb 14, 2023 at 1:13 PM 유원석 wrote: > > > > Hello > > I was trying to cross-compile apache to no avail > > How can I fix this error below? > > Can you try the attached patch? Possible adding ap_cv_crypt_sha2=no (or =yes if you know that the target system's crypt() supports SHA-2) to the "./configure ..." command line could do it too, by forcing the test decision rather than running it. > > Regards; > Yann. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- Vladimír Chlup
Re: [users@httpd] Apache is unable to access /tmp in any way
> ErrorLog entry: I mean the contents of the log. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache is unable to access /tmp in any way
It works fine for /tmp itself, but says 403 for any directories under /tmp, regardless of their permissions (neither 777 nor 1777 works) All directories are owned by root and root group ErrorLog entry: > ErrorLog "/var/log/httpd/error_log" > > LogLevel debug > > > # > # The following directives define some format nicknames for use with > # a CustomLog directive (see below). > # > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined > LogFormat "%h %l %u %t \"%r\" %>s %b" common > > > # You need to enable mod_logio.c to use %I and %O > LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio > > > # > # The location and format of the access logfile (Common Logfile Format). > # If you do not define any access logfiles within a > # container, they will be logged here. Contrariwise, if you *do* > # define per- access logfiles, transactions will be > # logged therein and *not* in this file. > # > CustomLog "/var/log/httpd/access_log" combined > > # > # If you prefer a logfile with access, agent, and referer information > # (Combined Logfile Format) you can use the following directive. > # > #CustomLog "/var/log/httpd/access_log" combined > On 2/15/23 23:14, Vladimir Chlup wrote: Hello, I am not sure that the answer is correct. I briefly tried to set up Apache/2.4.55 with /tmp as you described and it seems to work fine. Are you sure that there is no issue with permissions in subdirectories/files themselves? Regards, On Wed, Feb 15, 2023 at 4:06 PM accelerator0099 wrote: That's for serving temporary files, of course. I am developing a file-sharing web application, but it hasn't finished yet. Before finishing it if I upload something to or download something from the server those files are stored in /tmp. In most cases they are just temporary files and should be removed after use. I have used this for some time, until a recent system upgrade which changed apache's behavior and disallowed me accessing /tmp. Thanks for explaining the reason! I'm just astonished to know that apache could make such big changes today. On 2/15/23 22:33, Antony Stone wrote: > On Wednesday 15 February 2023 at 15:21:58, accelerator0099 wrote: > >> Apache is unable to access /tmp in any way. >> I always get 403 Forbidden for that. >> Why is /tmp different from others? > My guess (and it is one) is that since /tmp can be written to by any user, > this is a security feature which stops someone running Apache in such a way > that an attacker could get some process to write either a file or a symlink > into /tmp and then be able to retrieve the content remotely over HTTP. > > However, given that many systems routinely delete the contents of /tmp on > startup and/or shutdown, why would you ever want to point Apache at files which > exist there? > > What is the use case for having servable content under /tmp? > > > Antony. > - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- Vladimír Chlup - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache is unable to access /tmp in any way
Hello, I am not sure that the answer is correct. I briefly tried to set up Apache/2.4.55 with /tmp as you described and it seems to work fine. Are you sure that there is no issue with permissions in subdirectories/files themselves? Regards, On Wed, Feb 15, 2023 at 4:06 PM accelerator0099 wrote: > That's for serving temporary files, of course. > > > I am developing a file-sharing web application, but it hasn't finished > yet. Before finishing it if I upload something to or download something > from the server those files are stored in /tmp. In most cases they are > just temporary files and should be removed after use. I have used this > for some time, until a recent system upgrade which changed apache's > behavior and disallowed me accessing /tmp. > > > Thanks for explaining the reason! I'm just astonished to know that > apache could make such big changes today. > > > On 2/15/23 22:33, Antony Stone wrote: > > On Wednesday 15 February 2023 at 15:21:58, accelerator0099 wrote: > > > >> Apache is unable to access /tmp in any way. > >> I always get 403 Forbidden for that. > >> Why is /tmp different from others? > > My guess (and it is one) is that since /tmp can be written to by any > user, > > this is a security feature which stops someone running Apache in such a > way > > that an attacker could get some process to write either a file or a > symlink > > into /tmp and then be able to retrieve the content remotely over HTTP. > > > > However, given that many systems routinely delete the contents of /tmp on > > startup and/or shutdown, why would you ever want to point Apache at > files which > > exist there? > > > > What is the use case for having servable content under /tmp? > > > > > > Antony. > > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- Vladimír Chlup
Re: [users@httpd] Apache is unable to access /tmp in any way
> Except for anything under /tmp. > > I always get 403 Forbidden for that. > What's the verbatim ErrorLog entry for it? - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache is unable to access /tmp in any way
That's for serving temporary files, of course. I am developing a file-sharing web application, but it hasn't finished yet. Before finishing it if I upload something to or download something from the server those files are stored in /tmp. In most cases they are just temporary files and should be removed after use. I have used this for some time, until a recent system upgrade which changed apache's behavior and disallowed me accessing /tmp. Thanks for explaining the reason! I'm just astonished to know that apache could make such big changes today. On 2/15/23 22:33, Antony Stone wrote: On Wednesday 15 February 2023 at 15:21:58, accelerator0099 wrote: Apache is unable to access /tmp in any way. I always get 403 Forbidden for that. Why is /tmp different from others? My guess (and it is one) is that since /tmp can be written to by any user, this is a security feature which stops someone running Apache in such a way that an attacker could get some process to write either a file or a symlink into /tmp and then be able to retrieve the content remotely over HTTP. However, given that many systems routinely delete the contents of /tmp on startup and/or shutdown, why would you ever want to point Apache at files which exist there? What is the use case for having servable content under /tmp? Antony. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] Apache is unable to access /tmp in any way
On Wednesday 15 February 2023 at 15:21:58, accelerator0099 wrote: > Apache is unable to access /tmp in any way. > I always get 403 Forbidden for that. > Why is /tmp different from others? My guess (and it is one) is that since /tmp can be written to by any user, this is a security feature which stops someone running Apache in such a way that an attacker could get some process to write either a file or a symlink into /tmp and then be able to retrieve the content remotely over HTTP. However, given that many systems routinely delete the contents of /tmp on startup and/or shutdown, why would you ever want to point Apache at files which exist there? What is the use case for having servable content under /tmp? Antony. -- Tinned food was developed for the British Navy in 1813. The tin opener was not invented until 1858. Please reply to the list; please *don't* CC me. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Apache is unable to access /tmp in any way
This problem happened in a recent apache release before version 2.4.55. I encountered this after a system upgrade a month ago. Apache is unable to access /tmp in any way. We may let apache host some external websites by: Alias "/ext" "/path/to/external" Options Indexes Require all granted You can access that through http://yourwebsite/ext This works most of the time. Changing "/path/to/external" to any path works fine including /bin, /srv, /etc ... Except for anything under /tmp. I always get 403 Forbidden for that. For other directories, as long as apache has access permission on them, I could always get their content listed. Only for /tmp I get 403 Forbidden. Indexing (/ext) and actual file accessing (/ext/index.html) are both forbidden. Why is /tmp different from others? Changing permission of /tmp to 755 does not work, either. Debug log here: [authz_core:debug] [pid 4469:tid 140408108734144]mod_authz_core.c(815): [client 127.0.0.1:37804] AH01626: authorization result of Require all denied: denied [authz_core:debug] [pid 4469:tid 140408108734144]mod_authz_core.c(815): [client 127.0.0.1:37804] AH01626: authorization result of : denied [authz_core:error] [pid 4469:tid 140408108734144] [client127.0.0.1:37804] AH01630: client denied by server configuration: /tmp/http Build options: ./configure --sbindir=/usr/bin \ --enable-layout=Arch \ --enable-mpms-shared=all \ --enable-modules=all \ --enable-mods-shared=all \ --enable-so \ --enable-suexec \ --with-suexec-caller=http \ --with-suexec-docroot=/srv/http \ --with-suexec-logfile=/var/log/httpd/suexec.log \ --with-suexec-bin=/usr/bin/suexec \ --with-suexec-uidmin=99 --with-suexec-gidmin=99 \ --enable-ldap --enable-authnz-ldap --enable-authnz-fcgi \ --enable-cache --enable-disk-cache --enable-mem-cache --enable-file-cache \ --enable-ssl --with-ssl \ --enable-deflate --enable-cgi --enable-cgid \ --enable-proxy --enable-proxy-connect \ --enable-proxy-http --enable-proxy-ftp \ --enable-dbd --enable-imagemap --enable-ident --enable-cern-meta \ --enable-lua --enable-xml2enc --enable-http2 \ --enable-proxy-http2 --enable-md --enable-brotli \ --with-apr=/usr/bin/apr-1-config \ --with-apr-util=/usr/bin/apu-1-config \ --with-pcre2 Source: https://www.apache.org/dist/httpd/httpd-2.4.55.tar.bz2 - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
Re: [users@httpd] cannot run test program while cross compiling
No, so I tried and all compiles process works I moved httpd and what should be required to the target and it fails with core dumped It seems no log there I have no clue about what i should do next Thank you -Original Message- From: "Vladimir Chlup" To: ; Cc: Sent: 2023-02-15 (수) 17:07:41 (GMT+09:00) Subject: Re: [users@httpd] cannot run test program while cross compiling Hello, Did you try to rename `aarch64-linux-libtool` to `libtool`? Regards, On Wed, Feb 15, 2023 at 1:35 AM 유원석 wrote: Thank you for your supports I pass through but having new error in make command. "libtool: command not found" But the thing is libtool-bin's been installed by sudo apt install command, so as to run configure command which had an error about libtool not found as well. but now it seems like trying to find it in httpd directory in make command Regards -Original Message- From: "Yann Ylavic" To: ; Cc: Sent: 2023-02-15 (수) 03:01:10 (GMT+09:00) Subject: Re: [users@httpd] cannot run test program while cross compiling On Tue, Feb 14, 2023 at 6:56 PM Yann Ylavic wrote: > > On Tue, Feb 14, 2023 at 1:13 PM 유원석 wrote: > > > > Hello > > I was trying to cross-compile apache to no avail > > How can I fix this error below? > > Can you try the attached patch? Possible adding ap_cv_crypt_sha2=no (or =yes if you know that the target system's crypt() supports SHA-2) to the "./configure ..." command line could do it too, by forcing the test decision rather than running it. > > Regards; > Yann. - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org -- Vladimír Chlup - To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org
[users@httpd] Query about support for OpenSSL 1.1.1
Hi Team, There is new version of Openssl i.e. Openssl 3.0 available for which Httpd provide support in its newly released versions. We are using Openssl version 1.1.1 in our project and need to know that if Httpd will continue its support towards Openssl 1.1.1 as well till year 2030. Thanks and Regards Vivek Singh Naruka
Re: [users@httpd] cannot run test program while cross compiling
Hello, Did you try to rename `aarch64-linux-libtool` to `libtool`? Regards, On Wed, Feb 15, 2023 at 1:35 AM 유원석 wrote: > Thank you for your supports > > I pass through but having new error in make command. > "libtool: command not found" > > But the thing is libtool-bin's been installed by sudo apt install command, > so as to run configure command which had an error about libtool not found > as well. > but now it seems like trying to find it in httpd directory in make command > > Regards > > > > -Original Message- > *From:* "Yann Ylavic" > *To:* ; > *Cc:* > *Sent:* 2023-02-15 (수) 03:01:10 (GMT+09:00) > *Subject:* Re: [users@httpd] cannot run test program while cross compiling > > On Tue, Feb 14, 2023 at 6:56 PM Yann Ylavic wrote: > > > > On Tue, Feb 14, 2023 at 1:13 PM 유원석 wrote: > > > > > > Hello > > > I was trying to cross-compile apache to no avail > > > How can I fix this error below? > > > > Can you try the attached patch? > > Possible adding ap_cv_crypt_sha2=no (or =yes if you know that the > target system's crypt() supports SHA-2) to the "./configure ..." > command line could do it too, by forcing the test decision rather than > running it. > > > > > Regards; > > Yann. > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > -- Vladimír Chlup