I'm trying to set up lighttpd with suexec, but something goes wrong when testing: when I try to launch something via suexec, it gives me this in the log:

[2017-10-08 00:23:24]: invalid command (/srv/http/main/htdocs/cgi-bin/test.py)

Output of suexec -V:

 -D AP_DOC_ROOT="/srv/http"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="lighttpd"
 -D AP_LOG_EXEC="/var/log/lighttpd/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_UID_MIN=100
 -D AP_USERDIR_SUFFIX="public_html"

Wrapper which I use to launch programs:

#!/bin/bash
filename="$1"
user="$(/usr/bin/stat -c "%U" "$filename")"
group="$(/usr/bin/stat -c "%G" "$filename")"

cd "$(dirname "$filename")"

/usr/local/bin/suexec "$user" "$group" "$filename"

Permissions are alright, no rogue write bits set. Trying from both userdirs (/home/$USER/public_html) and from docroot.

  • Which OS/Distro ?
    – user9517
    Commented Oct 8, 2017 at 6:06

1 Answer

It seems only relative paths are allowed; the error message comes from this block:

/*
 * Check for a leading '/' (absolute path) in the command to be executed,
 * or attempts to back up out of the current directory,
 * to protect against attacks.  If any are
 * found, error out.  Naughty naughty crackers.
 */
if ((cmd[0] == '/') || (!strncmp(cmd, "../", 3))
    || (strstr(cmd, "/../") != NULL)) {
    log_err("invalid command (%s)\n", cmd);
    exit(104);
}

(see https://anonscm.debian.org/cgit/pkg-apache/apache2.git/tree/support/suexec.c?h=upstream/2.4.27#n350)
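
Following the answer above, the wrapper has to change into the script's directory and hand suexec a bare file name instead of the absolute path. A sketch of that, added here as an example and not part of the original post or of Apache's code; `suexec_cmd_ok`, `suexec_cmd_name`, `run_via_suexec` and the `SUEXEC` override variable are hypothetical names:

```shell
#!/bin/bash
# Added example: wrapper that passes suexec a relative command name.

# Same test as the suexec.c block quoted in the answer: a leading '/',
# a leading '../', or '/../' anywhere makes the command invalid.
suexec_cmd_ok() {
    case "$1" in
        /*|../*|*/../*) return 1 ;;
        *)              return 0 ;;
    esac
}

# Strip the directory part so only the file name is handed to suexec.
suexec_cmd_name() {
    printf '%s\n' "${1##*/}"
}

# SUEXEC is a hypothetical override for dry runs; the default is the
# suexec path used in the question.
run_via_suexec() {
    filename=$1
    cmd=$(suexec_cmd_name "$filename")
    if [ -z "$cmd" ] || ! suexec_cmd_ok "$cmd"; then
        echo "refusing to pass '$cmd' to suexec" >&2
        return 104   # exit status suexec uses for "invalid command"
    fi
    # Target user and group are the owners of the script, as in the question.
    user=$(stat -c "%U" "$filename") || return 1
    group=$(stat -c "%G" "$filename") || return 1
    # The command is relative, so suexec looks it up in the current directory.
    cd "$(dirname "$filename")" || return 1
    exec "${SUEXEC:-/usr/local/bin/suexec}" "$user" "$group" "$cmd"
}

# Run only when a script path is given as the first argument.
if [ "$#" -gt 0 ]; then
    run_via_suexec "$1"
fi
```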
