Bug #629
closedmod_indexfile.c use stat_cache_get_entry that try open CGI files
Description
Hi,
I found a small "bug", normally lighttpd dont try open FastCGI files marked as check-local=disable, or regular CGI files, which is good, some of then have secure permissions (like 0700) running on another user, but index files handled by mod_indexfile.c try open! Using the stat_cache_get_entry by mod_indexfile.c, so if you have a FastCGI program as http://www.domain.com/index.php will work fine, but if you tries open http://www.domain.com/ cause 403 error trying open the index.php that lighttpd dont owner.
IMHO should remove lines below from stat_cache.c:
if (S_ISREG(st.st_mode)) {
/* try to open the file to check if we can read it */
if (-1 == (fd = open(name->ptr, O_RDONLY))) {
return HANDLER_ERROR;
}
close(fd);
}
Which cause these CGI index problems....Also overhead for regular files that open same file two times for every request (later same file will be opened again for read to sent to client of course).
(Sorry for the english)
Updated by jan over 18 years ago
- Status changed from New to Fixed
- Resolution set to invalid
We need the check as we have to know if we can really read the file.
check-local is executed BEFORE this check. Indexfile has to work in local-files and needs to know if the file can be served. Indexfile + check-local = "disable" can't work.
open() + close() is a safe work-around for access() on NFS and has to be done, to send a 403 in case we can't handle this file.
If you think that the ticket is still valid, feel free to reopen it.
Also available in: Atom