You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jürgen Mathwich <ju...@4950.net> on 2009/02/12 08:59:00 UTC
[users@httpd] passing all env vars to a cgi
Hi
I 've got a problem regarding apache's environ handling. I know about the usage of SetEnv and
PassEnv. To use them I have to know the key/name of every single environ variable.
When doing a
# cat /proc/<APACHE-PID>/environ
it shows me more variables than the cgi knows about. Now I have a project where I need to pass all
the vars without knowing their keys to the cgi (just ALL of them), but I don't have any idea how to
solve this in a easy way.
Maybe some of you had a similar problem in the past and know how to solve it.
Thanks
Juergen
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] passing all env vars to a cgi
Posted by Torsten Foertsch <to...@gmx.net>.
On Thu 12 Feb 2009, Jürgen Mathwich wrote:
> When doing a
>
> # cat /proc/<APACHE-PID>/environ
>
> it shows me more variables than the cgi knows about. Now I have a
> project where I need to pass all the vars without knowing their keys
> to the cgi (just ALL of them), but I don't have any idea how to solve
> this in a easy way.
Why not just read that file?
If you are using perl perhaps the following one-liner helps. In your
script it would look like "%ENV=do{...};"
perl -Mstrict -MData::Dumper -e 'my %h=do{local $_; local $/="\0"; local
@ARGV=("/proc/".getppid."/environ"); map {split /=/, $_, 2} <>}; print
Dumper \%h'
Torsten
--
Need professional mod_perl support?
Just hire me: torsten.foertsch@gmx.net
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] passing all env vars to a cgi
Posted by André Warnier <aw...@ice-sa.com>.
André Warnier wrote:
> Karel Kubat wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi,
>>
>> On Feb 12, 2009, at 8:59 AM, Jürgen Mathwich wrote:
>>
>>> I 've got a problem regarding apache's environ handling. I know about
>>> the usage of SetEnv and
>>> PassEnv. To use them I have to know the key/name of every single
>>> environ variable.
>>>
>>> When doing a
>>>
>>> # cat /proc/<APACHE-PID>/environ
>>>
>>> it shows me more variables than the cgi knows about. Now I have a
>>> project where I need to pass all
>>> the vars without knowing their keys to the cgi (just ALL of them),
>>> but I don't have any idea how to
>>> solve this in a easy way.
>>>
>>> Maybe some of you had a similar problem in the past and know how to
>>> solve it.
>>
>> This will depend on the platform of your CGI programs. E.g., in Perl
>> there is the hash %ENV. In C there is the third argument to main(),
>> **envp. In shell script you can use your above way, but more portable
>> is running /usr/bin/env.
>>
> Hi.
> I don't think that works.
> It is Apache who decides which of the environment values *of Apache*.
> gets passed to the cgi-bin environment. The cgi-bin script then only
> sees *these* environment values.
> So whatever you do in the cgi-bin script (no matter which language it is
> written in), is never going to show you more than what Apache passes on.
>
> To take the problem from the other end : by default, Apache only passes
> some environment values to cgi-bin scripts. Those are the ones defined
> by the cgi-bin specs (such as DOCUMENT_ROOT etc..). The reasons for
> that are linked to security and to the cost of setting up that environment.
> To force Apache to pass more values, exist the (static) configuration
> directives PassEnv and SetEnv. But as the OP says, this means you have
> to know in advance which environment values you want to pass.
> I don't think that there is a way to do otherwise, and maybe rightly so.
>
> Now the real question is, what kind of project would require ALL Apache
> environment values to be made available to the cgi-bin script ?
> I mean, if you don't even know the name of an environment variable of
> Apache, then why would you need the cgi-bin to get its value ?
> In other words, what are you going to do with it, if you don't even know
> what it's for ?
>
Re-reading the above, I want to add something, because it seems to me
that it is still not clear enough :
Suppose that you would find a way to do that (pass ALL Apache
environment values to ALL cgi-bin scripts). In my opinion, you are then
creating a BIG security problem. Exmple : one of these environment
values (which you did not notice until now), may contain an
administrative password to some confidential database. That value would
then suddenly become available to all cgi-bin scripts that run under Apache.
Another aspect is name conflicts : if you are doing this to allow a
number of applications that you do not really know, to find values they
need, then how can you guarantee that two different applications are not
using the same environment value name, for different things ?
In other words, you may have thought of this as a cheap substitute for a
lot of painful work, but I really don't think it is a good idea.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] passing all env vars to a cgi
Posted by André Warnier <aw...@ice-sa.com>.
Karel Kubat wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> On Feb 12, 2009, at 8:59 AM, Jürgen Mathwich wrote:
>
>> I 've got a problem regarding apache's environ handling. I know about
>> the usage of SetEnv and
>> PassEnv. To use them I have to know the key/name of every single
>> environ variable.
>>
>> When doing a
>>
>> # cat /proc/<APACHE-PID>/environ
>>
>> it shows me more variables than the cgi knows about. Now I have a
>> project where I need to pass all
>> the vars without knowing their keys to the cgi (just ALL of them), but
>> I don't have any idea how to
>> solve this in a easy way.
>>
>> Maybe some of you had a similar problem in the past and know how to
>> solve it.
>
> This will depend on the platform of your CGI programs. E.g., in Perl
> there is the hash %ENV. In C there is the third argument to main(),
> **envp. In shell script you can use your above way, but more portable is
> running /usr/bin/env.
>
Hi.
I don't think that works.
It is Apache who decides which of the environment values *of Apache*.
gets passed to the cgi-bin environment. The cgi-bin script then only
sees *these* environment values.
So whatever you do in the cgi-bin script (no matter which language it is
written in), is never going to show you more than what Apache passes on.
To take the problem from the other end : by default, Apache only passes
some environment values to cgi-bin scripts. Those are the ones defined
by the cgi-bin specs (such as DOCUMENT_ROOT etc..). The reasons for
that are linked to security and to the cost of setting up that environment.
To force Apache to pass more values, exist the (static) configuration
directives PassEnv and SetEnv. But as the OP says, this means you have
to know in advance which environment values you want to pass.
I don't think that there is a way to do otherwise, and maybe rightly so.
Now the real question is, what kind of project would require ALL Apache
environment values to be made available to the cgi-bin script ?
I mean, if you don't even know the name of an environment variable of
Apache, then why would you need the cgi-bin to get its value ?
In other words, what are you going to do with it, if you don't even know
what it's for ?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] passing all env vars to a cgi
Posted by André Warnier <aw...@ice-sa.com>.
Karel Kubat wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> On Feb 12, 2009, at 8:59 AM, Jürgen Mathwich wrote:
>
>> I 've got a problem regarding apache's environ handling. I know about
>> the usage of SetEnv and
>> PassEnv. To use them I have to know the key/name of every single
>> environ variable.
>>
>> When doing a
>>
>> # cat /proc/<APACHE-PID>/environ
>>
>> it shows me more variables than the cgi knows about. Now I have a
>> project where I need to pass all
>> the vars without knowing their keys to the cgi (just ALL of them), but
>> I don't have any idea how to
>> solve this in a easy way.
>>
>> Maybe some of you had a similar problem in the past and know how to
>> solve it.
>
> This will depend on the platform of your CGI programs. E.g., in Perl
> there is the hash %ENV. In C there is the third argument to main(),
> **envp. In shell script you can use your above way, but more portable is
> running /usr/bin/env.
>
Hi.
I don't think that works.
It is Apache who decides which of the environment values *of Apache*.
gets passed to the cgi-bin environment. The cgi-bin script then only
sees *these* environment values.
So whatever you do in the cgi-bin script (no matter which language it is
written in), is never going to show you more than what Apache passes on.
To take the problem from the other end : by default, Apache only passes
some environment values to cgi-bin scripts. Those are the ones defined
by the cgi-bin specs (such as DOCUMENT_ROOT etc..). The reasons for
that are linked to security and to the cost of setting up that environment.
To force Apache to pass more values, exist the (static) configuration
directives PassEnv and SetEnv. But as the OP says, this means you have
to know in advance which environment values you want to pass.
I don't think that there is a way to do otherwise, and maybe rightly so.
Now the real question is, what kind of project would require ALL Apache
environment values to be made available to the cgi-bin script ?
I mean, if you don't even know the name of an environment variable of
Apache, then why would you need the cgi-bin to get its value ?
In other words, what are you going to do with it, if you don't even know
what it's for ?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] passing all env vars to a cgi
Posted by Jürgen Mathwich <ju...@4950.net>.
Am Donnerstag 12 Februar 2009 10:44:37 schrieb Karel Kubat:
> Hi,
>
> On Feb 12, 2009, at 8:59 AM, Jürgen Mathwich wrote:
> > I 've got a problem regarding apache's environ handling. I know
> > about the usage of SetEnv and
> > PassEnv. To use them I have to know the key/name of every single
> > environ variable.
> >
> > When doing a
> >
> > # cat /proc/<APACHE-PID>/environ
> >
> > it shows me more variables than the cgi knows about. Now I have a
> > project where I need to pass all
> > the vars without knowing their keys to the cgi (just ALL of them),
> > but I don't have any idea how to
> > solve this in a easy way.
> >
> > Maybe some of you had a similar problem in the past and know how to
> > solve it.
>
> This will depend on the platform of your CGI programs. E.g., in Perl
> there is the hash %ENV. In C there is the third argument to main(),
> **envp. In shell script you can use your above way, but more portable
> is running /usr/bin/env.
Thanks for your reply.If I try something like
#!/usr/bin/perl
use Data::Dumper;
print "Content-type: text/plain\n\n";
print Dumper \%ENV;
as test.cgi to run in apache the env vars heavily differ from everthing seen at login shell (i know
that apache runs in a special environment most of time) or, even more strange, from the environment
variables the apache process knows about. (seen in /proc/PID/environ)
I simply can not adopt my applications to re-write the %ENV - I really need apache to do that
initially for all cgi scripts.
Regards
Juergen
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] passing all env vars to a cgi
Posted by Karel Kubat <ka...@e-tunity.com>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
On Feb 12, 2009, at 8:59 AM, Jürgen Mathwich wrote:
> I 've got a problem regarding apache's environ handling. I know
> about the usage of SetEnv and
> PassEnv. To use them I have to know the key/name of every single
> environ variable.
>
> When doing a
>
> # cat /proc/<APACHE-PID>/environ
>
> it shows me more variables than the cgi knows about. Now I have a
> project where I need to pass all
> the vars without knowing their keys to the cgi (just ALL of them),
> but I don't have any idea how to
> solve this in a easy way.
>
> Maybe some of you had a similar problem in the past and know how to
> solve it.
This will depend on the platform of your CGI programs. E.g., in Perl
there is the hash %ENV. In C there is the third argument to main(),
**envp. In shell script you can use your above way, but more portable
is running /usr/bin/env.
- --
Best regards / met vriendelijke groet, Karel Kubat
Mob +31 6 2956 4861
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAkmT74UACgkQ23FrzRzybNVyYgCgpsERT0eTcWP2V5+WW1FbpuEM
6DAAoJL98/BYpajcFxOF698OE+FR6iNO
=dlo3
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] passing all env vars to a cgi
Posted by Jürgen Mathwich <ju...@4950.net>.
Am Donnerstag 12 Februar 2009 11:15:36 schrieb Matus UHLAR - fantomas:
> On 12.02.09 08:59, Jürgen Mathwich wrote:
> > I 've got a problem regarding apache's environ handling. I know about the
> > usage of SetEnv and PassEnv. To use them I have to know the key/name of
> > every single environ variable.
> >
> > When doing a
> >
> > # cat /proc/<APACHE-PID>/environ
> >
> > it shows me more variables than the cgi knows about. Now I have a project
> > where I need to pass all the vars without knowing their keys to the cgi
> > (just ALL of them), but I don't have any idea how to solve this in a easy
> > way.
>
> the vars from where? Apache can only send to CGI variables it has set when
> started, or on config file.
>
> Note that for example suexec limits variables that are sent to CGIs
all vars from the apaches process environ - so ... those that were exported in /etc/profile and
similar shell configurations. (assuming apache does not run in an spearate chroot environ or other
*tricks* ignoring environmental settings)
Re: [users@httpd] passing all env vars to a cgi
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 12.02.09 08:59, Jürgen Mathwich wrote:
> I 've got a problem regarding apache's environ handling. I know about the
> usage of SetEnv and PassEnv. To use them I have to know the key/name of
> every single environ variable.
>
> When doing a
>
> # cat /proc/<APACHE-PID>/environ
>
> it shows me more variables than the cgi knows about. Now I have a project
> where I need to pass all the vars without knowing their keys to the cgi
> (just ALL of them), but I don't have any idea how to solve this in a easy
> way.
the vars from where? Apache can only send to CGI variables it has set when
started, or on config file.
Note that for example suexec limits variables that are sent to CGIs
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Support bacteria - they're the only culture some people have.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org