Package: apache2
Version: 2.4.53-1~deb11u1
Severity: minor
Dear Maintainer,
Enabling cgid in apache2 (with a2enmod cgid) results in an error when using mpm_event:
[cgid:error] [pid 8943:tid 140189712234240] (22)Invalid argument: [client x.x.x.x:49364] AH01257: unable to connect to cgi daemon after multiple tries: /usr/lib/cgi-bin/xxxxxx
Meanwhile, the user receives a 503 HTTP error, rather than the CGI content.
Upon launch, Apache creates /var/run/apache2/cgisock.PID (where PID is the PID in question); however, it does that as the www-data user and root group, which does not have write access to /var/run/apache2 (where only the root user has write permission).
Running chmod g+rwx /var/run/apache2 fixes the issue. Since we're only adding the root group, this likely has a minimal security effect.
Alternately, the default directive of
/etc/apache2/mods-available/cgid.conf: ScriptSock ${APACHE_RUN_DIR}/cgisock
should not point to a folder that does not have write access for the www-data user, and a subfolder with more open permissions should be created.
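
Added example, not part of the original report or of the apache2 package: a shell helper that evaluates the permission reasoning above by deciding, from a directory's classic mode bits, whether a given uid/gid pair may create an entry such as a socket in it. It assumes GNU stat and ignores ACLs, supplementary groups and root's permission override; can_create_in and demo are hypothetical names, and the demo uses a constructed temporary directory.

```shell
#!/bin/sh
# Added example: decide from classic mode bits whether a uid/gid pair may
# create an entry (such as a cgid socket) in a directory.
# Assumptions: GNU stat; ACLs, supplementary groups and root's DAC override
# are ignored. can_create_in is a hypothetical helper name.

# can_create_in DIR NUMERIC_UID NUMERIC_GID -> exit status 0 if allowed
# On a real host, for the identities named in the report:
#   can_create_in /var/run/apache2 "$(id -u www-data)" "$(id -g root)"
can_create_in() {
    cc_dir=$1; cc_uid=$2; cc_gid=$3
    [ -d "$cc_dir" ] || return 2
    cc_owner=$(stat -c '%u' "$cc_dir") || return 2
    cc_group=$(stat -c '%g' "$cc_dir") || return 2
    cc_mode=$(stat -c '%a' "$cc_dir") || return 2
    # %a is octal text (e.g. 755 or 2775); keep only the rwx bits.
    cc_perm=$(( 0$cc_mode & 0777 ))
    # The kernel picks exactly one class: owner, else group, else other.
    if [ "$cc_uid" -eq "$cc_owner" ]; then
        cc_bits=$(( ($cc_perm >> 6) & 7 ))
    elif [ "$cc_gid" -eq "$cc_group" ]; then
        cc_bits=$(( ($cc_perm >> 3) & 7 ))
    else
        cc_bits=$(( $cc_perm & 7 ))
    fi
    # Creating a file or socket needs write (2) and search (1) on the directory.
    [ $(( $cc_bits & 3 )) -eq 3 ]
}

# Demo on a constructed temporary directory, not the real run directory.
demo() {
    d=$(mktemp -d) || return 1
    o=$(stat -c '%u' "$d"); g=$(stat -c '%g' "$d")
    other=$(( o + 1 ))   # constructed uid that is not the owner
    chmod 755 "$d"
    can_create_in "$d" "$other" "$g" && r1=allowed || r1=denied
    chmod g+rwx "$d"     # the change proposed in the report
    can_create_in "$d" "$other" "$g" && r2=allowed || r2=denied
    rm -rf "$d"
    echo "mode 755: $r1; after g+rwx: $r2"
}
demo
```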