To: None <gnats-bugs@gnats.netbsd.org>
From: Thomas J. Wye <tjw00@bayarea.net>
List: netbsd-bugs
Date: 03/04/1997 17:54:16
>Number: 3289
>Category: bin
>Synopsis: <File permission break Bourne Shell CGI scripts>
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Mar 4 18:05:00 1997
>Last-Modified:
>Originator: Thomas J. Wye
>Organization:
<Bay Area internet Solutions>
>Release: NetBSD-current source 4/3/97
>Environment:
System: NetBSD baygate 1.2C NetBSD 1.2C (ANCHOR) #3: Tue Feb 25 10:00:05 PST 1997 navas@shell2:/usr/src/sys/arch/i386/compile/ANCHOR i386
>Description:
There seems to be a NEW file permission problem in netbsd-current
that causes Bourne shell CGIs to fail depending on file permission settings.
This seems to have been introduced between Jan 17-Feb 5.
My Web server Apache 1.1.3 is running as user "nobody".
I have the following Unix file permissions turned on for each directory:
drwx--x--x 4 abc vip 512 Jan 6 15:10 abc
drwx-rx-rx 4 abc vip 512 Jan 6 15:10 abc/public_html
drwx-rx-rx 4 abc vip 512 Jan 6 15:10 abc/public_html/cgi-bin
When a simple Bourne shell CGI script is executed from
directory abc/public_html/cgi-bin by the Web server the following
error message is displayed.
getcwd() failed: Permission denied
The error message is generated from /bin/sh in routine cd.c with
the execution of the getcwd function.
If read permission is turned on at the abc/ root level for "other" (chmod o+r abc) the Bourne CGI scripts work fine.
Perl scripts run from the same cgi-bin directory seem to work fine.
>How-To-Repeat:
Create a simple one line Bourne shell script and execute it as a CGI script
as described above.
>Fix:
None
>Audit-Trail:
>Unformatted:
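
The following is an added example, not part of the original report and not NetBSD's own code. It sketches the traditional userland walk-up approach to getcwd(), which would explain why search-only (--x) permission on an ancestor such as abc/ is not enough; that /bin/sh's libc used this approach at the time is an assumption, and `walk_getcwd` is a hypothetical name.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Walk-up getcwd (illustrative, hypothetical helper).
 * Returns 0 on success, -1 with errno set. */
int walk_getcwd(char *out, size_t outlen)
{
    char up[PATH_MAX] = ".", path[PATH_MAX] = "", tmp[PATH_MAX];
    struct stat cur, par, ent;
    struct dirent *e;
    if (stat(up, &cur) == -1) return -1;
    for (;;) {
        if (strlen(up) + 4 > sizeof up) { errno = ENAMETOOLONG; return -1; }
        strcat(up, "/..");
        /* stat() of the parent needs only search (x) permission on it. */
        if (stat(up, &par) == -1) return -1;
        if (par.st_dev == cur.st_dev && par.st_ino == cur.st_ino) break; /* at "/" */
        /* Listing the parent needs read (r): fails with EACCES on drwx--x--x. */
        DIR *d = opendir(up);
        if (d == NULL) return -1;
        int found = 0;
        while (!found && (e = readdir(d)) != NULL) {
            if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
            if (fstatat(dirfd(d), e->d_name, &ent, AT_SYMLINK_NOFOLLOW) == -1) continue;
            if (ent.st_dev == cur.st_dev && ent.st_ino == cur.st_ino) {
                snprintf(tmp, sizeof tmp, "/%s%s", e->d_name, path);
                strcpy(path, tmp);   /* prepend the component just found */
                found = 1;
            }
        }
        closedir(d);
        if (!found) { errno = ENOENT; return -1; }
        cur = par;
    }
    snprintf(out, outlen, "%s", path[0] ? path : "/");
    return 0;
}
int main(void)
{
    char buf[PATH_MAX];
    if (walk_getcwd(buf, sizeof buf) == -1) { perror("walk_getcwd"); return 1; }
    puts(buf); return 0;
}
```

Run as an unprivileged user from a directory below one with mode 711, the opendir() step returns EACCES; root bypasses the permission check and will not see the failure.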