On Fri, Jul 22, 2005 at 05:50:15PM +0100, Neville Hodder wrote:
> I think that I have almost managed to get my first (proper) CGI script
> to execute as intended, but it seems I still have one last hurdle to
> jump. My Apache error.log provides me with the following single line:
>  
> [Fri Jul 22 16:34:37 2005] [error] [client 127.0.0.1] Access is
> denied.\r, referer:
> http://localhost/~neville.hodder/tests_c/upload_g.cgi
> 
> After too much time Googling and re-reading my manuals, I have a few
> questions I hope someone can help me with:
>  
> 1) Have I correctly Untainted my system() call and file permissions by
> my modification of the $ENV{'PATH'}?
> 2) Has my modification of the $ENV{'PATH'} been too restrictive and
> created a new "Access" problem?

Neville,

I think your settings on the $ENV{'PATH'} are ok as long as the external
commands that you call are in the paths included in the list. Also, as
you are calling your program using full path specification, the value of
$ENV{'PATH'} is irrelevant. One thing that got my attention was the use
of the Windows \\server\path\prog.exe file name, because if your program
is on another computer it may be possible that it will fail to run from
the webserver due to network execute permissions; you will need to check
it.

For the tainting and security concerns, I can recommend the CGI
course at:

http://users.easystreet.com/ovid/cgi_course/

Particularly lesson 3 (on security).


> 2) Do I also need to enable one or all of "file/directory/execution"
> access somewhere within my Apache httpd.conf settings?

Here is where I think your problem comes from. The error: "Access is
denied", makes me think that you need to set a ScriptAlias for the
tests_c/ directory in your httpd.conf file. Please try a simple script
in there just to be sure, I mean just:

--- minimal.cgi start here - cut
#!/usr/bin/perl -wT
# change the line above to your Windows perl path

use strict;
use CGI;

my $q = CGI->new;

# send the HTTP header first, then the page
print $q->header, $q->start_html, $q->h1('testing'), $q->end_html;
--- minimal.cgi end here - cut

And see if it works on that directory.

If not, you will need to read/seek details on setting up the
mentioned ScriptAlias in the main httpd.conf of your Apache installation,
or you may just need a:

Options +ExecCGI

line in the .htaccess file of that directory (if there isn't one, just
create it).

HTH, God bless.
Roberto Ruiz
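
A taint-mode pattern for the system() call asked about in question 1, as an added example that is not part of the original thread. The PATH value, the program path and the file-name pattern are assumptions chosen for illustration.

```perl
#!/usr/bin/perl -T
# Run as a CGI script, or from a shell with: perl -T untaint_demo.pl [name ...]
use strict;
use warnings;

# Under -T, Perl checks $ENV{PATH} before running any external program,
# even one called by its full path, so set it to a fixed value first.
$ENV{PATH} = '/usr/bin:/bin';    # assumption: adjust for your host
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical program path, standing in for the one the script calls.
my $PROGRAM = '/usr/local/bin/process_upload';

# Untaint by keeping only what an allow-list pattern captures.
# Returns undef for anything else, so the caller must check.
sub untaint_filename {
    my ($name) = @_;
    return unless defined $name;
    return $1 if $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return;
}

# Command-line arguments are tainted under -T; without any, fall back to
# constructed samples (in a CGI script the value would come from $q->param).
my @inputs = @ARGV ? @ARGV
           : ('report_2005.txt', '../../etc/passwd', 'notes.txt; echo x', '');

for my $input (@inputs) {
    my $file = untaint_filename($input);
    unless (defined $file) {
        print "rejected: '$input'\n";
        next;
    }
    print "accepted: '$file'\n";
    next unless -x $PROGRAM;     # placeholder program is absent on most hosts
    # List form: Perl starts the program itself instead of passing one
    # command string to a shell.
    my $rc = system { $PROGRAM } $PROGRAM, $file;
    if    ($rc == -1) { print "could not start $PROGRAM: $!\n" }
    elsif ($rc != 0)  { printf "%s exited with status %d\n", $PROGRAM, $? >> 8 }
}
```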

