Re: WTF is up with apache?!
I thought that I would be a genius and simply comment out the exit in
suexec.c leaving in the warning. No go. It could be that I am all screwed
up but:
What and where the hell are dh_*dir programs being called out of
debian/rules in apache src? Yes this is my first build under potato
(I inherited this mess from a previous admin) but I've never had these
problems before.
After I find these missing programs, what were the original build options
to configure? I just need to get this one thing working. Everything else
needs to stay put.
I've been at this since 5am so is I sound a little frustrated please
forgive me. Just a long week(end),
On Sun, 12 Dec 1999, Tamas TEVESZ wrote:
> On Sat, 11 Dec 1999, Technical Support wrote:
>
> > DocumentRoot /home/decorwholesale.com/www
>
> > ScriptAlias /cgi-bin/ /home/decorwholesale.com/cgi-bin/
>
> > [1999-12-11 13:33:01]: command not in docroot
> > (/home/decorwholesale.com/cgi-bin/secure/test.pl)
>
> this might even make sense to me, however i'd call this somewhat
> idiotic... from suexec.html:
>
> 13. Is the directory within the Apache webspace?
>
> If the request is for a regular portion of the server, is the
> requested directory within the server's document root?
>
> now the obvious question arising is, is a directory
> _aliased_under_the_real_docroot_ under the docroot or not ?
>
> anyway, i tracked this down a bit. (nb. i'm no programmer, i can read
> c a bit, that's all, so everything under this may very well be a big
> pile o' sh*t. you've been warned.)
>
> the situation is even worse. it's not about having directories aliased
> under the (virtualhost's) docroot and comparing cwd to that. it's
> about having the DocumentRoot defined in the _main server config_
> and comparing the current working dirs in the _virtualhost_ to that.
>
> illustrating:
>
> main server cfg says, DocumentRoot /var/www
>
> very well, i'm putting the company webpages there. now i'm setting up
> a virtual host for myself:
>
> <VirtualHost ice.foo>
> DocumentRoot /home/ice/foo/www
> ScriptAlias /cgi-bin/ /home/ice/foo/cgi-bin/
> User ice
> Group ice # and i want my cgis to be wrapped, too
> .. other blah ..
> </VirtualHost>
>
> now, apply the following patch to suexec.c:
>
> --- suexec.c~ Tue Jun 22 02:51:41 1999
> +++ suexec.c Sun Dec 12 00:01:25 1999
> @@ -454,7 +454,7 @@
> }
>
> if ((strncmp(cwd, dwd, strlen(dwd))) != 0) {
> - log_err("command not in docroot (%s/%s)\n", cwd, cmd);
> + log_err("command not in docroot (cmd: %s cwd: %s dwd: %s)\n", cmd, cwd, dwd);
> exit(114);
> }
>
> (sorry, over 80+ chars, i did not want this nice, just working :)
> this barfs some more info at the relevant place. (nb. it goes against
> the upstream suexec.c source, however i didnt find anything in the
> debian patches that would go against suexec.c, anyway, didnt look too
> hard).
>
> now, what is barfs is:
>
> [1999-12-12 00:19:51]: uid: (ice/ice) gid: (ice/ice) cmd: x.cgi
> [1999-12-12 00:19:51]: command not in docroot (cmd: x.cgi cwd:
> /home/ice/foo/cgi-bin dwd: /var/www)
>
> the problem is obvious from here. why does a vhost's docroot have to
> be under the main docroot ?
>
> is this a security consideration ? if yes, would someone light me up,
> why ? if not, could this be changed (which is ways over my
> knowledge) (netgod?) ?
>
> and please, if this is stupid, tell me where did i go wrong.
>
> thanks,
>
> --
> [-]
> - Túlélsz, pöcök.
>
>
>
>
>
-----------------------------------------------------
Jaysen O'Dell
Oatka Data Solutions
Technical Support -- <tech@oatka.net>
AcornWorld Internet Services
System Administrator <sysadmin@acornworld.net>
Reply to: