Permission problem with CGI script

Andy Selby andyfrommk at gmail.com
Thu Jul 15 09:02:35 PDT 2010


>> This might suggest that by default fedora apache is more secure? (not that
>> I use fedora any more). Anyway, for something redhat derived for a server
>> you should use CentOS.
>
> it probably is since selinux is enabled. which in my experinence just casues
> more problems than it solves or at least just gets in the way a lot.

SELINUX! Damn, as soon as I read that I knew it was the culprit, same
story with my graphics card driver,
locate could locate the module but insmod said file not found just as
it would stop apache writing to a directory apache has write access
to.

That got it working on the Fedora system and I solved that
'Inappropriate ioctl for device' message, it was line 23,
'print $!;'
which for the life of me I can't think why it was there.

>>[root at xyphen ~]# suexec -v
>>suexec policy violation: see suexec log for more details

>Ahh, you need a capital V "suexec -V"

<strong>D'OH</strong>

Jan,Tom I will certainly investigate three way open, although I
thought taint mode was the preferred choice of stopping special
characters being passed to the interpretor (and, thus, thwarting a
robert'); DROP TABLES students;-- and `cat ../../../etc/passwd`)

I removed the 'or die' part since I realised the lines in apache's
error log was whatever you write between 'or die' and '$!', and I
wondered why the error message was useless, I wrote it!

Thanks for all your help guys,

Andy


More information about the MiltonKeynes-pm mailing list