[Scottish] Apache weirdness

Colin McKinnon colin.mckinnon at ntlworld.com
Wed May 31 22:06:55 BST 2006 

Hi John,

I don't know much^H^H^H^Hanything about Perl but since you've asked...

On Wednesday 31 May 2006 18:23, John Gordon Ollason wrote:
>
> It was not clear from Plus Net's documentation how the cgi-bin directory
> was supposed to be set up. One source seemed to imply that it was the
> user's root directory. This seemed odd to me, but I gave it a try and was
> not surprised when it didn't work. So I set up directory
>
> $mkdir -m 740 cgi-bin
>
> as required by the instructions. Put my script into the directory and
> chmodded the permissions to 750 as instructed.
>

hmmm presumably under your own username - but which group? It looks like 
apache is running as houseofdeer - is the same username you use to login? 
Otherwise, is the webserver uid in the same group as your login? Is it 
running setuid? OK - so these may not be easy to answer for now. But making a 
really secure Apache installation, if done badly, can break a lot of stuff.

>
> $export QUERY_STRING="...."
> $ script>temp
> $
>

(weird PATH setting - but we'll let that slide). I assume that here you're 
logged in with a user account which is not the webserver uid.

>
> When the script is invoked from the browser (any browser, lynx, konqueror,
> Opera, Firefox) the server picks up a buggy version of the script that was
> deleted from my filespace days ago, and also fails to pick up the
> QUERY_STRING altogether.
>

Its possible that this is a seperate issue to do with how content is 
propogated from the machine you log into to the webserver. Even if you ssh 
directly to ccgi.houseofdeer.plus.com (which resolves to a single address) it 
doesn't mean

a) there's only one box at the address
b) the machine you ssh into is a webserver

Have you tried dropping a file with a different name?

>
> Trying to work out what is happening I dump the whole %ENV array at the
> beginning of the output. This gives the expected results including the url
> of the script that ought to be executed and the QUERY_STRING that provides
> the data, but the rest of the page appears to be generated by the buggy
> version despite its being deleted from my file space, and the output
> clearly has not been generated using the QUERY_STRING data.
>

Most of my Perl code does stuff like that too ;)

I'd suggest you get back to basics - start with helloworld.pl and work 
upwards. 

>
> Has anybody else seen anything as weird as this?
>

Don't get me started.

HTH, good luck

C.

More information about the Scottish mailing list