Re: WTF is up with apache?!
On Sat, 11 Dec 1999, Technical Support wrote:
> DocumentRoot /home/decorwholesale.com/www
> ScriptAlias /cgi-bin/ /home/decorwholesale.com/cgi-bin/
> [1999-12-11 13:33:01]: command not in docroot
> (/home/decorwholesale.com/cgi-bin/secure/test.pl)
this might even make sense to me, however i'd call this somewhat
idiotic... from suexec.html:
13. Is the directory within the Apache webspace?
If the request is for a regular portion of the server, is the
requested directory within the server's document root?
now the obvious question arising is, is a directory
_aliased_under_the_real_docroot_ under the docroot or not ?
anyway, i tracked this down a bit. (nb. i'm no programmer, i can read
c a bit, that's all, so everything under this may very well be a big
pile o' sh*t. you've been warned.)
the situation is even worse. it's not about having directories aliased
under the (virtualhost's) docroot and comparing cwd to that. it's
about having the DocumentRoot defined in the _main server config_
and comparing the current working dirs in the _virtualhost_ to that.
illustrating:
main server cfg says, DocumentRoot /var/www
very well, i'm putting the company webpages there. now i'm setting up
a virtual host for myself:
<VirtualHost ice.foo>
DocumentRoot /home/ice/foo/www
ScriptAlias /cgi-bin/ /home/ice/foo/cgi-bin/
User ice
Group ice # and i want my cgis to be wrapped, too
.. other blah ..
</VirtualHost>
now, apply the following patch to suexec.c:
--- suexec.c~ Tue Jun 22 02:51:41 1999
+++ suexec.c Sun Dec 12 00:01:25 1999
@@ -454,7 +454,7 @@
}
if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
- log_err("command not in docroot (%s/%s)\n", cwd, cmd);
+ log_err("command not in docroot (cmd: %s cwd: %s dwd: %s)\n", cmd, cwd, dwd);
exit(114);
}
(sorry, over 80+ chars, i did not want this nice, just working :)
this barfs some more info at the relevant place. (nb. it goes against
the upstream suexec.c source, however i didnt find anything in the
debian patches that would go against suexec.c, anyway, didnt look too
hard).
now, what is barfs is:
[1999-12-12 00:19:51]: uid: (ice/ice) gid: (ice/ice) cmd: x.cgi
[1999-12-12 00:19:51]: command not in docroot (cmd: x.cgi cwd:
/home/ice/foo/cgi-bin dwd: /var/www)
the problem is obvious from here. why does a vhost's docroot have to
be under the main docroot ?
is this a security consideration ? if yes, would someone light me up,
why ? if not, could this be changed (which is ways over my
knowledge) (netgod?) ?
and please, if this is stupid, tell me where did i go wrong.
thanks,
--
[-]
- Túlélsz, pöcök.
Reply to: