Bug #2374
closed
lighttpd-1.4.29 cannot execute unreadable CGIs
Added by Hawk777 over 13 years ago.
Updated over 1 year ago.
ASK QUESTIONS IN Forums:
No
Description
Lighttpd tries to open() the CGI. If this fails with EACCES, the request returns 403. This shouldn't happen: if the request is to be handled by a CGI, it needs to be executable by the Lighttpd user, but there's no reason it should have to be readable. I have an strace if you want, though it's not very informative (just shows open() returning EACCES).
I neglected to mention this in my initial report, but the CGI in question is an ELF and can be executed without issue from bash running as the Lighttpd user account.
- Status changed from New to Invalid
You need read permission to execute a file.
- Status changed from Invalid to Reopened
No you don't. Please try this for yourself if you don't believe me:
$ cat test.c
#include <stdio.h>
int main(void) {
    puts("Hello World");
    return 0;
}
$ gcc -otest test.c
$ chmod 0111 test
$ ./test
Hello World
- Status changed from Reopened to Wontfix
Yes, you can execute "not readable" files, although it is useless if you don't set SUID also (without SUID you can just LD_PRELOAD anything you want).
The open() is from our stat code; I don't intend to change the semantics of it, so you have to live with the current behaviour - just provide a readable wrapper script (and perhaps replace SUID with sudo):
#!/bin/sh
exec /path/to/real/binary
I understand not wanting to modify core code paths for a mildly-obscure situation. I'll try to convince my distro to install Mailman's CGIs mode 2755 instead of 2751 so I can stop changing them by hand. Sorry for bothering you folks.
- Status changed from Wontfix to Fixed
- Target version set to 1.4.42
- ASK QUESTIONS IN Forums set to No
[mod_cgi] permit CGI exec of unreadable files (fixes #2374)
CGI target might be executable (+x), but not readable (-r)
x-ref:
"lighttpd-1.4.29 cannot execute unreadable CGIs"
https://redmine.lighttpd.net/issues/2374
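The distinction this thread turns on, as an added example (not lighttpd's code and not the change made for 1.4.42): an open() readability probe can fail with EACCES on a mode-0111 file, while stat() plus access(X_OK) confirms the file is executable without reading it. The helper names probe_open, cgi_is_executable and make_sample are hypothetical, and the sample file is constructed in the current directory.

```c
/* Added example; not lighttpd source. All helper names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Readability probe, like the open() in the report: 0 or the errno from open(). */
static int probe_open(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

/* Executability probe that never reads the file. stat() needs only search
 * permission on the parent directories; access(X_OK) checks the execute bit
 * against the real uid/gid (same as effective once privileges are dropped). */
static int cgi_is_executable(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return 0;
    if (!S_ISREG(st.st_mode)) return 0;   /* directories also carry +x */
    return access(path, X_OK) == 0;
}

/* Create an empty, uniquely named sample file and set its mode; 0 on success. */
static int make_sample(char *tmpl, mode_t mode) {
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    int rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

int main(void) {
    char path[] = "cgi-sample-XXXXXX";    /* constructed sample, mode 0111 */
    if (make_sample(path, 0111) != 0) { perror("make_sample"); return 1; }
    /* As root, open() succeeds anyway because root bypasses the read check. */
    printf("open(O_RDONLY) errno: %d (EACCES is %d)\n", probe_open(path), EACCES);
    printf("cgi_is_executable:    %d\n", cgi_is_executable(path));
    unlink(path);
    return 0;
}
```

The result of access(X_OK) also depends on the filesystem: on Linux it reports EACCES for regular files on a noexec mount.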