Bug#1112461: apache2: environment variables are not available in script when using the Action directive
Package: apache2
Version: 2.4.65-2
Severity: normal
Hi.
After upgrading from Debian 12 (with apache2 2.4.62-1~deb12u2) to Debian
13 (with apache 2.4.65-2), my scripts interpreted by eperl (2.2.15-1),
which are invoked via the Action directive in the Apache configuration,
stopped working correctly. The problem is that the scripts do not have
environment variables available. They are missing environment variables
set with SetEnv, as well as other environment variables such as
DOCUMENT_ROOT.
For troubleshooting I assembled the complete apache2 config httpd.conf
(see below), which I run as an unprivileged user with the commands:
export APACHE_COREPATH="/usr/lib/apache2"
export APACHE_COREPATH2=`pwd`
/usr/sbin/apachectl -D FOREGROUND -f ${APACHE_COREPATH2}/httpd.conf
My script then returns all environment variables and the result can be
retrieved, for example, with:
elinks http://localhost:9083/a.phtml
On Debian 13 the script returns (is BAD):
"
ENV vars
-------------------------
REDIRECT_MYCONF_VAR = Hello
Got the following headers
-------------------------
"
On Debian 13 the script returns (is OK):
"
ENV vars
-------------------------
CONTEXT_DOCUMENT_ROOT = /usr/lib/cgi-bin/
CONTEXT_PREFIX = /cgi-bin/
DOCUMENT_ROOT = ...
GATEWAY_INTERFACE = CGI/1.1
...
HTTP_X_MYCONF_VAR = Hello-Header
HTTP_X_MYCONF_VAR2 = Bye-Header
MYCONF_VAR = Hello
MYCONF_VAR2 = Bye
...
SERVER_SOFTWARE = Apache/2.4.62 (Debian)
VERSION_INTERPRETER = ePerl/2.2.14
VERSION_LANGUAGE = Perl/5.036
Got the following headers
-------------------------
HTTP_USER_AGENT: ELinks/0.13.2 (textmode; Linux 6.1.0-37-amd64 x86_64; ...
HTTP_X_MYCONF_VAR: Hello-Header
HTTP_CONNECTION: Keep-Alive
HTTP_ACCEPT_LANGUAGE: cs
HTTP_ACCEPT: */*
HTTP_X_MYCONF_VAR2: Bye-Header
HTTP_HOST: localhost:9083
"
The source code of the script a.phtml is:
<?
use strict;
use utf8;
print "Content-Type: text/plain\n\n";
print "ENV vars\n";
print "-------------------------\n";
foreach my $var (sort keys %ENV) {
print $var;
print " = ";
print $ENV{$var};
print "\n";
}
print "\n";
use CGI;
my $q = CGI->new;
my %headers = map { $_ => $q->http($_) } $q->http();
print "Got the following headers\n";
print "-------------------------\n";
for my $header ( keys %headers ) {
print $header;
print ": ";
print $headers{$header};
print "\n";
}
!>
The problem is probably not in the apache2 package itself on Debian 13.
I built a vanilla Apache 2.4.62 on Debian 13 (the version corresponding
to Debian 12, where there is no problem) and there the problem (on
Debian 13) also occurs: environment variables are not available in the
script.
I also built a vanilla Apache 2.4.65 on Debian 12 (the version
corresponding to Debian 13, where the problem occurs) and there the
problem does not occur (on Debian 12).
This seems odd to me - something in Debian 13 must have changed
(probably not in apache2 itself) that causes my problem.
Best Regards
Marek
-- Package-specific info:
-- System Information:
Debian Release: 13.0
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.41+deb13-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages apache2 depends on:
ii apache2-bin 2.4.65-2
ii apache2-data 2.4.65-2
ii apache2-utils 2.4.65-2
ii init-system-helpers 1.68
ii media-types 13.0.0
ii perl 5.40.1-6
ii procps 2:4.0.4-9
Versions of packages apache2 recommends:
ii ssl-cert 1.1.3
Versions of packages apache2 suggests:
pn apache2-doc <none>
pn apache2-suexec-pristine | apache2-suexec-custom <none>
ii elinks [www-browser] 0.18.0-1+b1
ii firefox-esr [www-browser] 128.14.0esr-1~deb13u1
ii lynx [www-browser] 2.9.2-1
pn ufw <none>
Versions of packages apache2-bin depends on:
ii libapr1t64 1.7.5-1
ii libaprutil1-dbd-sqlite3 1.6.3-3+b1
ii libaprutil1-ldap 1.6.3-3+b1
ii libaprutil1t64 1.6.3-3+b1
ii libbrotli1 1.1.0-2+b7
ii libc6 2.41-12
ii libcrypt1 1:4.4.38-1
ii libcurl4t64 8.14.1-2
ii libjansson4 2.14-2+b3
ii libldap2 2.6.10+dfsg-1
ii liblua5.4-0 5.4.7-1+b2
ii libnghttp2-14 1.64.0-1.1
ii libpcre2-8-0 10.45-1
ii libssl3t64 3.5.1-1
ii libxml2 2.12.7+dfsg+really2.9.14-2.1+deb13u1
ii perl 5.40.1-6
ii zlib1g 1:1.3.dfsg+really1.3.1-1+b1
Versions of packages apache2-bin suggests:
pn apache2-doc <none>
pn apache2-suexec-pristine | apache2-suexec-custom <none>
ii elinks [www-browser] 0.18.0-1+b1
ii firefox-esr [www-browser] 128.14.0esr-1~deb13u1
ii lynx [www-browser] 2.9.2-1
Versions of packages apache2 is related to:
ii apache2 2.4.65-2
ii apache2-bin 2.4.65-2
-- Configuration Files:
~/apache2/httpd.conf:
LoadModule mpm_prefork_module ${APACHE_COREPATH}/modules/mod_mpm_prefork.so
#LoadModule unixd_module ${APACHE_COREPATH}/modules/mod_unixd.so
LoadModule authz_core_module ${APACHE_COREPATH}/modules/mod_authz_core.so
LoadModule authz_host_module ${APACHE_COREPATH}/modules/mod_authz_host.so
LoadModule dir_module ${APACHE_COREPATH}/modules/mod_dir.so
LoadModule alias_module ${APACHE_COREPATH}/modules/mod_alias.so
LoadModule mime_module ${APACHE_COREPATH}/modules/mod_mime.so
LoadModule actions_module ${APACHE_COREPATH}/modules/mod_actions.so
LoadModule cgid_module ${APACHE_COREPATH}/modules/mod_cgid.so
LoadModule env_module ${APACHE_COREPATH}/modules/mod_env.so
LoadModule headers_module ${APACHE_COREPATH}/modules/mod_headers.so
LoadModule rewrite_module ${APACHE_COREPATH}/modules/mod_rewrite.so
DefaultRuntimeDir ${APACHE_COREPATH2}
PidFile ${APACHE_COREPATH2}/apache2.pid
HostnameLookups Off
LogLevel warn
ErrorLog ${APACHE_COREPATH2}/log/error.log
#TransferLog ${APACHE_COREPATH2}/log/access.log
Listen 9083
TypesConfig /etc/mime.types
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<VirtualHost *:9083>
DocumentRoot ${APACHE_COREPATH2}/www
DirectoryIndex index.html
SetEnv MYCONF_VAR "Hello"
SetEnv MYCONF_VAR2 "Bye"
RequestHeader set X-MYCONF-VAR "Hello-Header"
RequestHeader set X-MYCONF-VAR2 "Bye-Header"
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory /usr/lib/cgi-bin/>
Require all granted
Options FollowSymLinks ExecCGI
</Directory>
<Directory ${APACHE_COREPATH2}/www/>
Require all granted
Options +ExecCGI
#--- pl
AddHandler cgi-script .pl
#--- phtml
#AddHandler application/x-httpd-eperl .phtml
AddType application/x-httpd-eperl .phtml
Action application/x-httpd-eperl /cgi-bin/eperl
</Directory>
</VirtualHost>
-- no debconf information
Reply to: