how to use system call within a cgi script

[ReggieC]

Hi there,

I have to execute an executable from a CGI script written in perl. I
cannot do that even
with a very simple test like:
$result = system("mkdir test1");
$result = system("mkdir ", "test1");
exec('mkdir test1');
but always got 500 Internal Service Error.

Adding $ENV{"PATH"} = ""; and use full path of mkdir did not help.

I'm using perl 5.8 with Apache 2.2.

Any opinion is very much appreciated.

 

[Jürgen Exner]

Hi there,

I have to execute an executable from a CGI script written in perl. I
cannot do that even
with a very simple test like:
$result = system("mkdir test1");
$result = system("mkdir ", "test1");
exec('mkdir test1');
but always got 500 Internal Service Error.

What does the server log tell you?

Adding $ENV{"PATH"} = ""; and use full path of mkdir did not help.
I'm using perl 5.8 with Apache 2.2.
Any opinion is very much appreciated.

Could be many, many, many things. Missing permissions, wrong path,
virtual root folder, ...

See 'perldoc -q 500' for some ideas.

jue

 

[smallpond]

Hi there,

I have to execute an executable from a CGI script written in perl. I
cannot do that even
with a very simple test like:
$result = system("mkdir test1");
$result = system("mkdir ", "test1");
exec('mkdir test1');
but always got 500 Internal Service Error.

Adding $ENV{"PATH"} = ""; and use full path of mkdir did not help.

I'm using perl 5.8 with Apache 2.2.

Any opinion is very much appreciated.

What is the permission and owner on the directory where you are
trying
to make a new subdirectory and what user are you running as?

 

[Jamie]

Hi there,

I have to execute an executable from a CGI script written in perl. I
cannot do that even
with a very simple test like:
$result = system("mkdir test1");
$result = system("mkdir ", "test1");
exec('mkdir test1');
but always got 500 Internal Service Error.

Adding $ENV{"PATH"} = ""; and use full path of mkdir did not help.

I'm using perl 5.8 with Apache 2.2.

Any opinion is very much appreciated.

Print out a header first so you can see the problem? Also, try redirecting
stderr to see any error messages.

In "production", I often use system in a list context:

system('/bin/mkdir','path1');

You probably don't want it evaluated by the shell.

Most likely it's a permissions issue.

Jamie

 

[ReggieC]

Thanks for info from Jue and Smallpond.

Basically the key is $ENV{"PATH"}="";

After I carefully checked, I missed to declare my $result after
adding $ENV{"PATH"}=""; (I modified and moved lined around
while testing. When I did not have $ENV{"PATH"}=""; I did
have my $result.)

Thanks a lot for the tip of checking logs. The info there tipped
me up. Knowing perldoc -q 500 is useful, too.

Thanks again.

 

[Tony Curtis]

Hi there,

I have to execute an executable from a CGI script written in perl. I
cannot do that even
with a very simple test like:
$result = system("mkdir test1");
$result = system("mkdir ", "test1");
exec('mkdir test1');
but always got 500 Internal Service Error.

why would you want to go out to a shell for a perl built-in?

perldoc -f mkdir

hth
t

 

[John Bokma]

Hi there,

I have to execute an executable from a CGI script written in perl. I
cannot do that even
with a very simple test like:
$result = system("mkdir test1");
$result = system("mkdir ", "test1");
exec('mkdir test1');

Read perldoc -f exec

Remove the exec, and try again, does it now work?

but always got 500 Internal Service Error.

Always copy error messages, don't type them yourself.

 

[Grant]

Read perldoc -f exec

Remove the exec, and try again, does it now work?


Always copy error messages, don't type them yourself.

I'd add to that, tail -f the error_log in another terminal and make sure
you made the work area world writable -- not particularly safe, is it?

Grant.

 

[Grant]

Read perldoc -f exec

Remove the exec, and try again, does it now work?


Always copy error messages, don't type them yourself.

Oops, I meant to add an example, this is from a .cgi here (awk):
....
# create a unique output filename
cmd = "mktemp public/cc2ip.XXXXXX"; cmd | getline out; close(cmd)

# make the output filename world writable and append .txt
system("touch " out " && chmod a+rw " out " && mv " out " " out ".txt")
out = out ".txt"
....

The matching web directory:
-r-sr-xr-x 1 grant wheel 3104 2008-10-05 09:07 cc2ip.cgi*
-rwxrwxr-x 1 grant wheel 11570 2008-10-12 06:35 index.html*
-rwxrwxr-x 1 grant wheel 444 2008-10-05 09:07 lookup-ip*
drwxrwxrwx 2 grant wheel 184 2008-10-12 00:02 public/
drwx-w---- 2 grant wheel 128 2008-10-12 11:32 server/

Access to the server script and directory is restricted by a security
wrapper written in C.

Context: http://bugsplatter.id.au/cc2ip/

Grant.

 

[Tim Greer]

Oops, I meant to add an example, this is from a .cgi here (awk):
...
# create a unique output filename
cmd = "mktemp public/cc2ip.XXXXXX"; cmd | getline out;
close(cmd)

# make the output filename world writable and append .txt
system("touch " out " && chmod a+rw " out " && mv " out " "
out ".txt") out = out ".txt"
...

You probably don't want to make it world writable unless you have a good
reason, assuming they even need that those of permissions.

The matching web directory:
-r-sr-xr-x 1 grant wheel 3104 2008-10-05 09:07 cc2ip.cgi*
-rwxrwxr-x 1 grant wheel 11570 2008-10-12 06:35 index.html*
-rwxrwxr-x 1 grant wheel 444 2008-10-05 09:07 lookup-ip*
drwxrwxrwx 2 grant wheel 184 2008-10-12 00:02 public/
drwx-w---- 2 grant wheel 128 2008-10-12 11:32 server/

Glad to see nothing is setguid there.

World write is indeed sometimes needed for some people, and is fine if
they aren't on a shared server, but I'd just recommend against it if
you're on a server that other users are on.

Anyway, yeah, just check the logs, print the proper header for CGI and
be sure to check your calls and catch (and log or report) any
errors/failures.

 

[Grant]

You probably don't want to make it world writable unless you have a good
reason, assuming they even need that those of permissions.

Oh, in this case the first .cgi hands off (after validation of parms) to
another script which is run as 'nobody' :/ Hence the world writable public
directory. Several attempts to merge both scripts resulted in far slower
performance, awk is funny like that.

But there's nothing else inside public except for a blank index.html to
thwart the curious

Glad to see nothing is setguid there.

No, that's what the C security wrapper is for!

World write is indeed sometimes needed for some people, and is fine if
they aren't on a shared server, but I'd just recommend against it if
you're on a server that other users are on.

I have full control of the server here, and in any case it's unlikely
somebody could guess the random name of an ephemeral (sp?) file that is
purged after only 2 days. And methods other thn get|head result in 403.

Anyway, yeah, just check the logs, print the proper header for CGI and
be sure to check your calls and catch (and log or report) any
errors/failures.

When I'm doing web development I have three logging terminals open:
access_log, error_log and rewrite.log.

Grant.

 

[Tim Greer]

Oh, in this case the first .cgi hands off (after validation of parms)
to
another script which is run as 'nobody' :/ Hence the world writable
public
directory. Several attempts to merge both scripts resulted in far
slower performance, awk is funny like that.

I would agree, that is fine. I just meant that I wouldn't recommend
that on a shared server with other users (this is fine if the system
isn't shared by potentially malicious users or other users that might
have insecure scripts that malicious users could use as a gateway into
the server). However, for your own server, an unprivlieged user is
better (as you're doing and know), and I did realise after I posted,
that your were making an example of an existing script and not actually
suggesting they allow world write if they don't need to. Forgive me
for misreading your follow up.