Project

General

Profile

Bug #1118

Cannot run CGI/SuEXEC scripts for which lighty has no read permissions.

Added by scroffer52 over 13 years ago. Updated almost 4 years ago.

Status:
Fixed
Priority:
Normal
Category:
core
Target version:
ASK QUESTIONS IN Forums:

Description

If a CGI script can't be read by lightty, then it can't be run, even via a SuEXEC wrapper. You get a 403 error. The SuEXEC wrapper never gets run - lightty just returns a 403.

If you're running under FastCGI, then this is solved with the "broken-scriptfilename" => "enable" option which makes lightty skip its check. However, for normal CGI, there is no such option.

I have websites with only one or 2 PHP scripts (e.g. a contact form). I don't have resources to allocate permanent FastCGI processes to these, but I do want them suexec'd under their own username. I just want them to fork a CGI process. However, it doesn't seem to be possible... :-(

#1

Updated by stbuehler almost 12 years ago

  • Status changed from New to Fixed
  • Resolution set to wontfix

mod_cgi needs a physical file, and we won't change that; but it is enough to have the "entry" script readable by lighttpd, just put passwords in another file.

Or use a cgi-fastcgi wrapper.

#2

Updated by stbuehler almost 12 years ago

  • Status changed from Fixed to Wontfix
#3

Updated by gstrauss almost 4 years ago

  • Description updated (diff)
  • Status changed from Wontfix to Fixed
  • Target version set to 1.4.42

Fixed in b9f245f2, which removes the requirement that target file be readable. lighttpd still needs to be able to stat() the file.

[mod_cgi] permit CGI exec of unreadable files (fixes #2374)

CGI target might be executable (+x), but not readable (-r)

x-ref:
"lighttpd-1.4.29 cannot execute unreadable CGIs"
https://redmine.lighttpd.net/issues/2374

Also available in: Atom