Bug #2374
closedlighttpd-1.4.29 cannot execute unreadable CGIs
Description
Lighttpd tries to open() the CGI. If this fails with EACCES, the request returns 403. This shouldn't happen: if the request is to be handled by a CGI, it needs to be executable by the Lighttpd user, but there's no reason it should have to be readable. I have an strace if you want, though it's not very informative (just shows open() returning EACCES).
Updated by Hawk777 over 12 years ago
I neglected to mention this in my initial report, but the CGI in question is an ELF and can be executed without issue from bash running as the Lighttpd user account.
Updated by darix over 12 years ago
- Status changed from New to Invalid
you need read permission to execute a file.
Updated by Hawk777 over 12 years ago
- Status changed from Invalid to Reopened
No you don't. Please try this for yourself if you don't believe me:
$ cat test.c
#include <stdio.h>
int main(void) {
puts("Hello World");
return 0;
}
$ gcc -otest test.c
$ chmod 0111 test
$ ./test
Hello World
Updated by stbuehler over 12 years ago
- Status changed from Reopened to Wontfix
Yes, you can execute "not readable" files, although it is useless if you don't set SUID also (without SUID you can just LD_PRELOAD anything you want).
The open() is from our stat code; i don't intend to change the semantics of it, so you have to live with the current behaviour - just provide a readable wrapper script (and perhaps replace SUID with sudo):
#!/bin/sh exec /path/to/real/binary
Updated by Hawk777 over 12 years ago
I understand not wanting to modify core code paths for a mildly-obscure situation. I'll try to convince my distro to install Mailman's CGIs mode 2755 instead of 2751 so I can stop changing them by hand. Sorry for bothering you folks.
Updated by gstrauss over 7 years ago
- Status changed from Wontfix to Fixed
- Target version set to 1.4.42
Updated by gstrauss 5 months ago
- ASK QUESTIONS IN Forums set to No
Fixed in lighttpd 1.4.42 released way back in 2016.
https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/b9f245f2633a831ce1a83b2c01b67718f9f91301
Also available in: Atom