Anyone of you work with hiawatha webserver 6.14 (but I have tryed varius
versions) in OpenBSD 4.5 GENERIC i386?
The program cgi-wrapper won't set suid correctly!
I state that the exact same configuration work very fine into
Linux ubuntu with custom kernel 2.6.30 and I move it into OpenBSD 4.5.
# Hiawatha main configuration file
#
# GENERAL SETTINGS
#
ServerId = www-data
ConnectionsTotal = 150
ConnectionsPerIP = 10
SystemLogfile = /var/log/hiawatha/system.log
GarbageLogfile = /var/log/hiawatha/garbage.log
# BINDING SETTINGS
# A binding is where a client can connect to.
#
Binding {
Port = 80
Interface = 127.0.0.1
TimeForRequest = 3,20
}
Binding {
Port = 80
Interface = 128.0.0.2
TimeForRequest = 3,20
}
#
CGIhandler = /usr/bin/perl:pl
CGIextension = cgi
CGIwrapper = /usr/local/sbin/cgi-wrapper
Hostname = 127.0.0.1
WebsiteRoot = /var/www/hiawatha
StartFile = index.html
AccessLogfile = /var/log/hiawatha/access.log
ErrorLogfile = /var/log/hiawatha/error.log
#ErrorHandler = 404:/error.cgi
# VIRTUAL HOSTS
# Use a VirtualHost section to declare the websites you want to host.
#
VirtualHost {
Hostname = 128.0.0.2
WebsiteRoot = /var/www/hsools/perl
StartFile = index.html
AccessLogfile = /var/www/hsools/log/access.log
ErrorLogfile = /var/www/hsools/log/error.log
ExecuteCGI = yes
RequireSSL = yes
WrapCGI = hsools
TimeForCGI = 5
}
# CGI wrapper configuration
#
# Use the 'newroot' tool to copy applications to a chroot directory.
# CGIhandler = /path/to/cgi-handler
#
CGIhandler = /usr/bin/perl
# Wrap = <wrap-id>;<cgiroot>;<userid>[:<group>]
#
Wrap = hsools ; /var/www/hsools ; 1005:1005
$ /usr/local/sbin/wignam
Using /usr/local/etc/hiawatha
Reading httpd.conf
No non-fatal errors found in the Hiawatha configuration.
$ mount
/dev/wd0a on / type ffs (local)
/dev/wd0d on /home type ffs (local, nodev, noexec, nosuid)
/dev/wd0e on /usr type ffs (local, nodev)
/dev/wd0f on /var type ffs (local, nodev, nosuid)
mfs:3856 on /tmp type mfs (local, size=204800 512-blocks)
$ ls -l /var/www
total 12
drwxr-xr-x 2 root wheel 512 Jun 10 20:17 hiawatha
drwxr-xr-x 6 myacc hsools 512 Jun 10 15:57 hsools
$ ls -l /var/www/hsools
total 16
drwxr-x--x 2 myacc hsools 512 Sep 5 13:22 log
drwxr-xr-x 2 myacc hsools 512 Jun 10 19:35 perl
$ ls -l /var/www/hsools/perl
total 12
-rwxr-xr-- 1 myacc hsools 1090 Jun 10 15:58 index.html
-rwxr-x--- 1 myacc hsools 829 Jun 10 19:35 login_admin.cgi
$ ls -l /usr/local/sbin
total 2552
-rwsr-xr-x 1 root wheel 57854 Sep 7 11:02 cgi-wrapper
-rwxr-xr-x 1 root wheel 707955 Sep 7 11:02 hiawatha
-rwxr-xr-x 1 root wheel 2488 Sep 7 11:02 newroot
-rwxr-xr-x 1 root wheel 68672 Sep 7 11:02 php-fcgi
-rwxr-xr-x 1 root wheel 72329 Sep 7 11:02 wigwam
$ cat /var/www/hsools/log/error.log
Mon 07 Sep 2009 10:34:17
+0200|128.0.0.2|/var/www/hsools/perl/login_admin.cgi|access denied via
filesystem
Mon 07 Sep 2009 11:42:35
+0200|128.0.0.2|/var/www/hsools/perl/login_admin.cgi|access denied via
filesystem
Mon 07 Sep 2009 11:52:10
+0200|128.0.0.2|/var/www/hsools/perl/login_admin.cgi|access denied via
filesystem
Why cgi-wrapper don't set correctly suid 'hsools'?
Many Thanks
Marco
