Discussion:
My cgi script stopped working!
(too old to reply)
Rocket Ray
2005-06-21 16:50:29 UTC
Permalink
I have a simple counter cgi script for my web page, and it has stopped
working. Can anyone tell me why (I haven't changed anything, it just
stopped working)?
Jim Menard
2005-06-21 16:56:57 UTC
Permalink
Post by Rocket Ray
I have a simple counter cgi script for my web page, and it has stopped
working. Can anyone tell me why (I haven't changed anything, it just
stopped working)?
Make sure it's in your cgi-bin directory. Prism changed server options so that
only CGI scripts inside cgi-bin will run.

Prism made a bunch of changes to the Web server setup one weekend a while
back, WITHOUT TELLING ANYBODY. When I saw that my scripts stopped working, I
had to ask why.

I'm becoming more dissatisfied with Prism as time goes on.

Jim
--
Jim Menard, ***@io.com, http://www.io.com/~jimm/
"Even anarchists have an agenda." -- Keith Beal
Joshua Kronengold
2005-06-21 20:25:50 UTC
Permalink
Post by Jim Menard
Make sure it's in your cgi-bin directory. Prism changed server options so that
only CGI scripts inside cgi-bin will run.
Alternatively, just add the following to your top level .htaccess file:

Options +ExecCGI
AddHandler cgi-script cgi
Post by Jim Menard
Prism made a bunch of changes to the Web server setup one weekend a while
back, WITHOUT TELLING ANYBODY. When I saw that my scripts stopped working, I
had to ask why.
Didn't break anything of mine, and I serve a lot of cgi scripts (including
rss feeds which I -would- have noticed had they broken. Though...why the
hell did io have cgi turned on by default in the first place? That just
isn't secure.

Which doesn't, of course, mean that mucking withe the configuration (or more
likely, migrating the io webservice to their exisiting platform, since that's
their general plan), without notification, is right.
--
Joshua Kronengold (mneme@(io.com, labcats.org)) |\ _,,,--,,_ ,)
--^-- "Remember the Doom Team code!" says Tom. /,`.-'`' -, ;-;;'
/\\ "You don't have to die just because some |,4- ) )-,_ ) /\
/-\\\ people think your existence is evil!" '---''(_/--' (_/-'
Rocket Ray
2005-06-22 12:51:17 UTC
Permalink
Options +ExecCGI AddHandler cgi-script cgi
Well, I made a file called .htaccess with those lines, put it in both my
home directory and public-web directory, and it still doesn't work. Do I
need other stuff in that file?
Jim Menard
2005-06-22 16:04:53 UTC
Permalink
Post by Rocket Ray
Options +ExecCGI AddHandler cgi-script cgi
Well, I made a file called .htaccess with those lines, put it in both my
home directory and public-web directory, and it still doesn't work. Do I
need other stuff in that file?
Here is part of a response from a PrismNet admin. I don't know if this will
help.

It also seems that some applications might have moved from /usr/bin to
/usr/local/bin or vice versa.

================================================================

Jim,

We have made several changes with regard to home page security.

IO's original www administrators allowed cgi access to any directory
in the www and home tree. When we overhauled the www server this
weekend we changed the default behaviour of the server to only allow
cgi scripting in the ~/public-web/cgi-bin tree by default. We also
will now only parse included files as .shtml.

However we did allow individual users who wanted this ability to
change their own .htaccess file to add these options to their website.

This change was necessary because of the number of successful hacking
attempts via the web server. If any specific user had a comprimisable
cgi-script which would allow someone to "write" files to any directory
on the server they could then run those files. We were seeing scripts
showing up in /tmp, /var/tmp, all throughout the home tree as well as
other location.

With this new setup the only location where this type of behaviour is
active is in the cgi-bin directory unless the individual user opens up
their entire www tree to this type of hack.

Our default options for user home pages are now

Includes
MultiViews
Indexes
SymLinksIfOwnerMatch
IncludesNoExec

================================================================
Jim
--
Jim Menard, ***@io.com, http://www.io.com/~jimm/
"What's a Superbowl? Does it save the city from ruin and destruction ON TOP
OF containing some part of a complete breakfast?" -- J. on alt.fan.tom-servo
Rocket Ray
2005-06-22 17:09:44 UTC
Permalink
Jim Menard wrote:

Jim, I appreciate you helping with this. Since the cgi script is in the
We also will now only parse included files as .shtml.
might be the snag. The counter script references a counter.txt file which
contains the number to be incremented. Could that be the problem? (Hey,
Prismnet admins, just feel free to jump in here and help with this, okay?)
Jim Menard
2005-06-23 13:39:26 UTC
Permalink
Post by Rocket Ray
Jim, I appreciate you helping with this. Since the cgi script is in the
We also will now only parse included files as .shtml.
might be the snag. The counter script references a counter.txt file which
contains the number to be incremented. Could that be the problem? (Hey,
Prismnet admins, just feel free to jump in here and help with this, okay?)
No, "parse" means process server-side include statements like
<!--#exec cgi="blah"-->
and
<!--#include virtual="file.html"-->
inside of .shtml files.

To fix that problem, I added
AddHandler server-parsed .html
to the .htaccess file at the root of my Web directory.

Your counter.txt file needs to be world-readable, but that's probably true
already since your script used to work properly.

On the other hand, you've given me something to think about. Some of my CGI
scripts work, some don't. If I'm not mistaken, the ones that don't work are
the ones that need to read data files. Hmm.

Jim
--
Jim Menard, ***@io.com, http://www.io.com/~jimm/
As a math major, I don't have to be able to add -- I just have to be able
to PROVE that I can add.
Joshua Kronengold
2005-06-23 18:52:27 UTC
Permalink
Post by Jim Menard
On the other hand, you've given me something to think about. Some of my CGI
scripts work, some don't. If I'm not mistaken, the ones that don't work are
the ones that need to read data files. Hmm.
OTOH, all of my scripts work, including:

http://www.io.com/~mneme/girlgenius/ : reads a library from an external file
http://www.io.com/~mneme/buttons/ : reads and writes external files

However, I'll note that for whatever reason, the latter isn't
writing external files.

Interesting -- prism may be mounting the webdir ro, which is very clever
except that it doesn't allow for anywhere for cgi data to, well, go.

(I think having two mounted directories -- public_html for webstuff, which is
RO, and public_data (or something) for data, which is RW but noexec, would
be just fine, but they're not doing this.
--
Joshua Kronengold (mneme@(io.com, labcats.org)) |\ _,,,--,,_ ,)
--^-- "Remember the Doom Team code!" says Tom. /,`.-'`' -, ;-;;'
/\\ "You don't have to die just because some |,4- ) )-,_ ) /\
/-\\\ people think your existence is evil!" '---''(_/--' (_/-'
Rocket Ray
2005-06-22 12:47:15 UTC
Permalink
Post by Jim Menard
Make sure it's in your cgi-bin directory. Prism changed server options
so that only CGI scripts inside cgi-bin will run.
But it is in the cgi-bin directory. And it worked fine until recently,
that's what's so weird.
Loading...