Discussion:
CGI Scripts in OpenBSD
Hannah Broughton
2006-11-20 13:25:51 UTC
Permalink
Hi,

I'm completely new to openBSD and have been trying to configure apache
to run some CGI scripts.
I have apache working fine, but the CGI scripts are failing with error
500 and the log file reports "Premature end of script header".

I am very sure that this is not the script that is wrong, I have the
content-type header and have read many articles on the net about this
error and still can't fix the problem.

I have a feeling there may be some config specific to OpenBSD that I may
have missed in order to enable the running of CGI scripts?

Thanks for any help,
Hannah

This message has been checked for viruses but the contents of an attachment
may still contain software viruses, which could damage your computer system:
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.
Jack J. Woehr
2006-11-20 15:50:16 UTC
Permalink
Did you try the ones that come with OBSD? They're in /var/www/cgi-bin.
Just aim at http://yourhost/cgi-bin/printenv and tell us what happens.
Post by Hannah Broughton
Hi,
I'm completely new to openBSD and have been trying to configure
apache to run some CGI scripts.
--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
***@absolute-performance.com
303-443-7000 ext. 527
Jason LaRiviere
2006-11-20 16:36:39 UTC
Permalink
Post by Jack J. Woehr
Did you try the ones that come with OBSD? They're in /var/www/cgi-bin.
Just aim at http://yourhost/cgi-bin/printenv and tell us what happens.
Those are mode 000 by default, and will fail even after a chmod unless
perl is put inside the chroot.
Jack J. Woehr
2006-11-20 19:14:06 UTC
Permalink
Oh, yeah, you're right. They work for me. I forgot I ever moved Perl!
Post by Jason LaRiviere
Post by Jack J. Woehr
Did you try the ones that come with OBSD? They're in /var/www/cgi-
bin.
Just aim at http://yourhost/cgi-bin/printenv and tell us what
happens.
Those are mode 000 by default, and will fail even after a chmod unless
perl is put inside the chroot.
--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
***@absolute-performance.com
303-443-7000 ext. 527
Marc Espie
2006-11-20 15:50:56 UTC
Permalink
Post by Hannah Broughton
Hi,
I'm completely new to openBSD and have been trying to configure apache
to run some CGI scripts.
I have apache working fine, but the CGI scripts are failing with error
500 and the log file reports "Premature end of script header".
I am very sure that this is not the script that is wrong, I have the
content-type header and have read many articles on the net about this
error and still can't fix the problem.
I have a feeling there may be some config specific to OpenBSD that I may
have missed in order to enable the running of CGI scripts?
You've missed some FAQ entry.

Your stuff probably needs some libraries, and apache runs chroot'ed by
default.
Sam Fourman Jr.
2006-11-20 16:19:56 UTC
Permalink
I believe this portion of the OpenBSD FAQ may help you out.

http://www.openbsd.org/faq/faq10.html#httpdchroot


Sam Fourman Jr.
Post by Marc Espie
Post by Hannah Broughton
Hi,
I'm completely new to openBSD and have been trying to configure apache
to run some CGI scripts.
I have apache working fine, but the CGI scripts are failing with error
500 and the log file reports "Premature end of script header".
I am very sure that this is not the script that is wrong, I have the
content-type header and have read many articles on the net about this
error and still can't fix the problem.
I have a feeling there may be some config specific to OpenBSD that I may
have missed in order to enable the running of CGI scripts?
You've missed some FAQ entry.
Your stuff probably needs some libraries, and apache runs chroot'ed by
default.
Didier Wiroth
2006-11-20 15:46:32 UTC
Permalink
Post by Hannah Broughton
Hi,
I'm completely new to openBSD and have been trying to configure apache
to run some CGI scripts.
I have apache working fine, but the CGI scripts are failing with error
500 and the log file reports "Premature end of script header".
I am very sure that this is not the script that is wrong, I have the
content-type header and have read many articles on the net about this
error and still can't fix the problem.
I have a feeling there may be some config specific to OpenBSD that I may
have missed in order to enable the running of CGI scripts?
Thanks for any help,
Hannah
This message has been checked for viruses but the contents of an attachment
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.
Hello,
This is because you missed the following FAQ ;-) :
http://www.openbsd.org/faq/faq10.html#httpdchroot
and
man 8 httpd

To test your cgi in a non chroot environment, use "httpd -u"

If you use chroot you have to copy the required files in the chroot
environment.

Here is how to find which files you have to copy:
$ ldd `which perl`
/usr/bin/perl
/usr/lib/libperl.so.10.1
/usr/lib/libm.so.2.3
/usr/lib/libutil.so.11.0
/usr/lib/libc.so.39.3
/usr/libexec/ld.so

and copy them into the chroot environment, to have this:
/var/www/usr/bin/perl
/var/www/usr/lib/libperl.so.10.1
/var/www/usr/lib/libm.so.2.3
/var/www/usr/lib/libutil.so.11.0
/var/www/usr/lib/libc.so.39.3
/var/www/usr/libexec/ld.so

If you use extra fonctions in perl like for example: "use warnings" etc
you have to promote yourself as inspector Columbo and do some research
with something like "kdump httpd" and "ktrace -f ktrace.out | grep open
| more". You need to copy the missing files inside /var/www etc...
"FOR EXAMPLE" these files:
$ ll /var/www/usr/libdata/perl5/

total 100
drwxr-xr-x 2 root daemon 512 Oct 31 18:40 .
drwxr-xr-x 3 root daemon 512 Oct 31 08:40 ..
-r--r--r-- 1 root daemon 8840 Oct 31 18:31 Carp.pm
-r--r--r-- 1 root daemon 14419 Oct 31 18:31 Exporter.pm
-r--r--r-- 1 root daemon 3292 Oct 31 18:31 strict.pm
-r--r--r-- 1 root daemon 15879 Oct 31 18:31 warnings.pm

Good luck
Kind regards
Didier
Francisco Valladolid
2006-11-20 17:23:01 UTC
Permalink
hi, .. if you are new to OpenBSD, enabling chroot maybe difficult for you, i
recommended run apache without chroot.

disable it in /etc/rc.conf

httpd_flags="-u" # the -u option disable chroot

then you can run your cgi scripts from /var/www/cgi-bin/ only doing chmod
755 <script>

Regards.
Post by Hannah Broughton
Hi,
I'm completely new to openBSD and have been trying to configure apache
to run some CGI scripts.
I have apache working fine, but the CGI scripts are failing with error
500 and the log file reports "Premature end of script header".
I am very sure that this is not the script that is wrong, I have the
content-type header and have read many articles on the net about this
error and still can't fix the problem.
I have a feeling there may be some config specific to OpenBSD that I may
have missed in order to enable the running of CGI scripts?
Thanks for any help,
Hannah
This message has been checked for viruses but the contents of an attachment
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.
--
---
BSD - Unix simplicity.
Francisco Valladolid Hdez.
***@gmail.com
David Bryan
2006-12-19 02:24:48 UTC
Permalink
Once your scripts are working you could try to copy the files that are
need for the CGI script into the chrooted directory.

If the cgi script is a pre-compiled binary that has been linked to other
library's your can run the following to find out what it needs.

ldd /var/www/cgi-bin/your-prog

If it's just a cgi script with regular commands, you will have to copy
each command into the /var/www directory.

So lets say your script runs the banner command- so the following will
show what could be done to run the command with-in a chrooted apache server.

$ ldd /usr/bin/banner
/usr/bin/banner:
Start End Type Open Ref GrpRef Name
00000000 00000000 exe 1 0 0 /usr/bin/banner
0c54d000 2c57e000 rlib 0 1 0 /usr/lib/libc.so.39.0
0b67a000 0b67a000 rtld 0 1 0 /usr/libexec/ld.so

So we need libc and ld.so with the same paths in /var/www... so:

First- create some of the standard files that many binaries look for-
mkdir /var/www/etc
grep "www" /etc/passwd > /var/www/etc/passwd
grep "localhost" /etc/hosts > /var/www/etc/hosts
cp /etc/resolv.conf /var/www/etc

Next- we will copy the files in place.
mkdir /var/www/usr/bin
mkdir /var/www/usr/lib
mkdir /var/www/usr/libexec
# Do the following as root, or sudo
cp -p /usr/bin/banner /var/www/bin
cp -p /usr/lib/libc.so.39.0 /var/www/lib
cp -p /usr/libexec/ld.so /var/www/libexec
# you may or may not need this...
cp -p /bin/sh /var/www/bin

There are plenty of FAQs on setting up binaries and script to run in a
chrooted environment, and I would highly recommend that people start
making this stuff work, rather then going for a less secure web server
and scripts. It's just a matter of time before apache has a major flaw,
or something in a script fails.

Have fun!
Post by Francisco Valladolid
hi, .. if you are new to OpenBSD, enabling chroot maybe difficult for you, i
recommended run apache without chroot.
disable it in /etc/rc.conf
httpd_flags="-u" # the -u option disable chroot
then you can run your cgi scripts from /var/www/cgi-bin/ only doing chmod
755 <script>
Regards.
Post by Hannah Broughton
Hi,
I'm completely new to openBSD and have been trying to configure apache
to run some CGI scripts.
I have apache working fine, but the CGI scripts are failing with error
500 and the log file reports "Premature end of script header".
I am very sure that this is not the script that is wrong, I have the
content-type header and have read many articles on the net about this
error and still can't fix the problem.
I have a feeling there may be some config specific to OpenBSD that I may
have missed in order to enable the running of CGI scripts?
Thanks for any help,
Hannah
This message has been checked for viruses but the contents of an attachment
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.
Craig Skinner
2006-11-20 20:30:42 UTC
Permalink
Post by Hannah Broughton
Hi,
I'm completely new to openBSD and have been trying to configure apache
to run some CGI scripts.
I have apache working fine, but the CGI scripts are failing with error
500 and the log file reports "Premature end of script header".
Ensure /var/www is not mounted noexec, so that the scripts can be
executed:

$ mount | fgrep /var/www
Han Boetes
2006-11-20 21:38:07 UTC
Permalink
Post by Craig Skinner
Ensure /var/www is not mounted noexec, so that the scripts can
$ mount | fgrep /var/www
Does this work better? ;-)

set -- $(\df /usr/local/bin); shift 12; mount |grep " $1 "



# Han
Craig Skinner
2006-11-20 22:17:38 UTC
Permalink
Post by Han Boetes
Post by Craig Skinner
Ensure /var/www is not mounted noexec, so that the scripts can
$ mount | fgrep /var/www
Does this work better? ;-)
set -- $(\df /usr/local/bin); shift 12; mount |grep " $1 "
No, unless you have apache in /usr/local:

Did you mean:

$ mount | fgrep $(df /var/www/cgi-bin | tr -s " " "\n" | tail -n 1)

or

$ mount | fgrep $(df /var/www/cgi-bin | awk '/dev/ {print $6}')
Loading...