You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Christian Gilmore <cg...@research.att.com> on 1997/04/10 20:40:04 UTC

mod_cgi/354: core dump with introduction of suexec to apache 1.2b8

	The contract type is `' with a response time of 3 business hours.
	A first analysis should be sent before: Thu Apr 10 15:00:01 PDT 1997


>Number:         354
>Category:       mod_cgi
>Synopsis:       core dump with introduction of suexec to apache 1.2b8
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Apr 10 11:40:01 1997
>Originator:     cgilmore@research.att.com
>Organization:
apache
>Release:        1.2b8
>Environment:
IRIX akalice 5.3 11091812 IP22 mips
gcc version 2.7.2
>Description:
Prior to adding suexec into apache's sbin (/www/www/apache/sbin on my system),
I was able to run scripts (as the server's owner) with the "AddHandler 
cgi-script .cgi" directive. The introduction of suexec has caused any attempt
to run a cgi script from a user's directory to dump core. From what I could see
from gdb's backtrace:

Core was generated by `httpd'.
Program terminated with signal 6, Abort.
Reading symbols from /usr/lib/libc.so.1...backdone.
#0  0xfae25d4 in _kill () at kill.s:15
kill.s:15: No such file or directory.
(gdb) back
#0  0xfae25d4 in _kill () at kill.s:15
#1  0xfae3930 in raise () at raise.c:22
#2  0xfb1735c in abort () at abort.c:37
#3  0x40e7d4 in seg_fault ()
#4  <signal handler called>
#5  0x4268c0 in call_exec ()
#6  0x43c13c in cgi_child ()
#7  0x40c844 in spawn_child_err ()
#8  0x43c580 in cgi_handler ()
#9  0x415e50 in invoke_handler ()
#10 0x41abf4 in process_request_internal ()
#11 0x41ac8c in process_request ()
#12 0x40fec4 in child_main ()
#13 0x410194 in make_child ()
#14 0x411004 in standalone_main ()
#15 0x4115dc in main ()
Current language:  auto; currently asm
(gdb) quit

The error occurred after the mod_cgi call to util_script.c's call_exec
function. I've checked and re-checked the configuration of suexec and
it all appears to be in order. If you like, I'd be happy to send you
my configuration files for the server and suexec.h.

Here's what the logs had to say. The cgi_log file named in suexec.h was
never created/written to.

access_log:
maestro.research.att.com - - [10/Apr/1997:14:06:56 -0400] "GET /~cgilmore/testksh.cgi HTTP/1.0" 500 404

error_log:
[Thu Apr 10 14:06:56 1997] access to /usr/cgilmore/wwwfiles/testksh.cgi failed for maestro.research.att.com, reason: Premature end of script headers

script_log:
%% [Thu Apr 10 14:06:56 1997] GET /~cgilmore/testksh.cgi HTTP/1.0
%% 500 /usr/cgilmore/wwwfiles/testksh.cgi
%request
Connection: Keep-Alive
User-Agent: Mozilla/2.01S (X11; I; IRIX 5.3 IP22)
Host: www.research.att.com:4000
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
%response
%stderr
[Thu Apr 10 14:06:56 1997] httpd: caught SIGSEGV, attempting to dump core in /www/www/apache

The script testksh.cgi (that I believe is never called):
#!/bin/ksh
echo "Content-type: text/html"
echo
echo "<html><h1>Working?</h1></html>"
>How-To-Repeat:
This is an internal server, so I can't give you a usable URL. The only
response you would get would be an "Internal Error" message, in any event.
>Fix:

>Audit-Trail:
>Unformatted: