Once your scripts are working you could try to copy the files that are
need for the CGI script into the chrooted directory.
If the cgi script is a pre-compiled binary that has been linked to other
library's your can run the following to find out what it needs.
ldd /var/www/cgi-bin/your-prog
If it's just a cgi script with regular commands, you will have to copy
each command into the /var/www directory.
So lets say your script runs the banner command- so the following will
show what could be done to run the command with-in a chrooted apache server.
$ ldd /usr/bin/banner
/usr/bin/banner:
Start End Type Open Ref GrpRef Name
00000000 00000000 exe 1 0 0 /usr/bin/banner
0c54d000 2c57e000 rlib 0 1 0 /usr/lib/libc.so.39.0
0b67a000 0b67a000 rtld 0 1 0 /usr/libexec/ld.so
So we need libc and ld.so with the same paths in /var/www... so:
First- create some of the standard files that many binaries look for-
mkdir /var/www/etc
grep "www" /etc/passwd > /var/www/etc/passwd
grep "localhost" /etc/hosts > /var/www/etc/hosts
cp /etc/resolv.conf /var/www/etc
Next- we will copy the files in place.
mkdir /var/www/usr/bin
mkdir /var/www/usr/lib
mkdir /var/www/usr/libexec
# Do the following as root, or sudo
cp -p /usr/bin/banner /var/www/bin
cp -p /usr/lib/libc.so.39.0 /var/www/lib
cp -p /usr/libexec/ld.so /var/www/libexec
# you may or may not need this...
cp -p /bin/sh /var/www/bin
There are plenty of FAQs on setting up binaries and script to run in a
chrooted environment, and I would highly recommend that people start
making this stuff work, rather then going for a less secure web server
and scripts. It's just a matter of time before apache has a major flaw,
or something in a script fails.
Have fun!
Francisco Valladolid wrote:
hi, .. if you are new to OpenBSD, enabling chroot maybe difficult for you, i
recommended run apache without chroot.
disable it in /etc/rc.conf
httpd_flags="-u" # the -u option disable chroot
then you can run your cgi scripts from /var/www/cgi-bin/ only doing chmod
755 <script>
Regards.
On 11/20/06, Hannah Broughton <[EMAIL PROTECTED]> wrote:
Hi,
I'm completely new to openBSD and have been trying to configure apache
to run some CGI scripts.
I have apache working fine, but the CGI scripts are failing with error
500 and the log file reports "Premature end of script header".
I am very sure that this is not the script that is wrong, I have the
content-type header and have read many articles on the net about this
error and still can't fix the problem.
I have a feeling there may be some config specific to OpenBSD that I may
have missed in order to enable the running of CGI scripts?
Thanks for any help,
Hannah
This message has been checked for viruses but the contents of an
attachment
may still contain software viruses, which could damage your computer
system:
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.
