You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Sebastian Bergmann <sb...@sebastian-bergmann.de> on 2001/08/29 21:24:14 UTC
PHP4 as CGI with 2.0.25
Hi there,
I just updated to 2.0.25 on my Win32 system, where I have the
following lines in the httpd.conf to use PHP 4 as CGI
ScriptAlias /php/ "e:/server/php/"
AddType application/x-httpd-php .php
Action application/x-httpd-php "/php/php.exe"
Action application/x-httpd-php-source "/php/php.exe"
This worked fine until now. Now I only get an
The requested URL /php/php.exe/index.php was not found on
this server.
error when trying to access /index.php.
Were there any changes that I might have missed?
--
Sebastian Bergmann Measure Traffic & Usability
http://sebastian-bergmann.de/ http://phpOpenTracker.de/
Re: PHP4 as CGI with 2.0.25
Posted by Sebastian Bergmann <sb...@sebastian-bergmann.de>.
"William A. Rowe, Jr." wrote:
> that's the bug I'm attacking, at the moment. Thanks for the
> details.
It works again now, thanks.
--
Sebastian Bergmann Measure Traffic & Usability
http://sebastian-bergmann.de/ http://phpOpenTracker.de/
Re: PHP4 as CGI with 2.0.25
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Sebastian,
that's the bug I'm attacking, at the moment. Thanks for the details.
Bill
----- Original Message -----
From: "Sebastian Bergmann" <sb...@sebastian-bergmann.de>
To: <de...@httpd.apache.org>
Sent: Thursday, August 30, 2001 9:34 AM
Subject: Re: PHP4 as CGI with 2.0.25
> Jeff Trawick wrote:
> > I put a fix into server/core.c to fix an unbelievably drastic
> > problem (loop and/or segfault on main path) which was introduced
> > during the evening. You might want to try it again.
>
> The crash is gone now, but the
>
> The requested URL /php/php.exe/index.php was not found on
> this server.
>
> problem is still there.
>
> --
> Sebastian Bergmann Measure Traffic & Usability
> http://sebastian-bergmann.de/ http://phpOpenTracker.de/
>
Re: PHP4 as CGI with 2.0.25
Posted by Sebastian Bergmann <sb...@sebastian-bergmann.de>.
Jeff Trawick wrote:
> I put a fix into server/core.c to fix an unbelievably drastic
> problem (loop and/or segfault on main path) which was introduced
> during the evening. You might want to try it again.
The crash is gone now, but the
The requested URL /php/php.exe/index.php was not found on
this server.
problem is still there.
--
Sebastian Bergmann Measure Traffic & Usability
http://sebastian-bergmann.de/ http://phpOpenTracker.de/
Re: PHP4 as CGI with 2.0.25
Posted by Jeff Trawick <tr...@attglobal.net>.
Sebastian Bergmann <sb...@sebastian-bergmann.de> writes:
> "William A. Rowe, Jr." wrote:
> > I hope to have an answer today.
>
> Just compiled the current CVS to test if the problem might be
> gone, but now Apache.exe crashes upon request.
I put a fix into server/core.c to fix an unbelievably drastic problem
(loop and/or segfault on main path) which was introduced during the
evening. You might want to try it again.
--
Jeff Trawick | trawick@attglobal.net | PGP public key at web site:
http://www.geocities.com/SiliconValley/Park/9289/
Born in Roswell... married an alien...
Re: PHP4 as CGI with 2.0.25
Posted by Sebastian Bergmann <sb...@sebastian-bergmann.de>.
"William A. Rowe, Jr." wrote:
> I hope to have an answer today.
Just compiled the current CVS to test if the problem might be
gone, but now Apache.exe crashes upon request.
--
Sebastian Bergmann Measure Traffic & Usability
http://sebastian-bergmann.de/ http://phpOpenTracker.de/
Re: PHP4 as CGI with 2.0.25
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
From: "Sebastian Bergmann" <sb...@sebastian-bergmann.de>
Sent: Wednesday, August 29, 2001 2:24 PM
> Hi there,
>
> I just updated to 2.0.25 on my Win32 system, where I have the
> following lines in the httpd.conf to use PHP 4 as CGI
>
> ScriptAlias /php/ "e:/server/php/"
> AddType application/x-httpd-php .php
> Action application/x-httpd-php "/php/php.exe"
> Action application/x-httpd-php-source "/php/php.exe"
>
> This worked fine until now. Now I only get an
>
> The requested URL /php/php.exe/index.php was not found on
> this server.
>
> error when trying to access /index.php.
>
> Were there any changes that I might have missed?
Yes, the directory negotiation and AddType handling. I need to walk back
now and look at the action directive. Perhaps I interfered with it, or
perhaps it's interfering with my patch.
I hope to have an answer today.
Also - note that names are -heavily- canonicalized now, so it's possible
that something that just 'slipped through' in spite of one of the
ap_os_canonicalize_filename flavors is now caught. Likewise, I've tried
to catch every abuse of ap_make_full_path and toggle it to apr_filepath_merge,
leaving ap_make_full_path stuff to merge URIs. I may have missed the correct
choice to treat-as-uri, or to treat-as-path.
Finally, ap_directory_walk now insists on real file names. If a module will
circumvent the filesystem (e.g. it invents a bogus filename _just to get by_,
we should now catch that.) An entry should appear in your error log.
If a module (or an action - I'll look!) needs to bypass the filesystem to do
funny business, that's fine, it just returns an OK result code from the new
map_to_storage hook (register it simply as APR_HOOK_MIDDLE) if it can claim
the request.
This alone should eliminate entire classes of security advisories that have
revolved around canonical paths, 'tricking the server' into serving instead
of parsing dynamic content, etc. More work remains, but this was the underpinning.
Bill