perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruben Safir <ru...@mrbrklyn.com>
Subject Re: [Bug Report] mod_perl runs with GID 0 !
Date Tue, 12 Apr 2016 01:08:24 GMT
I'm confused.  Why send this to the mailing list?


On Mon, Apr 11, 2016 at 11:04:17PM +0200, Ben RUBSON wrote:
> -------------8<---------- Start Bug Report ------------8<----------
> 1. Problem Description:
> 
> Hello,
> 
> Here is my Apache user and group :
> 
> # grep -iE "user|group" httpd.conf
> User #1025
> Group #1025
> 
> # ps axo uid,gid,comm  | grep http
>  1025  1025 httpd
>  1025  1025 httpd
>  1025  1025 httpd
> 
> Let's run the following example script in mod_perl :
> 
> # more test.pl
> open(my $fh, ">", "/tmp/test.log");
> print $fh "Your UID is " . $< . "\n";
> my @groups = split '\s', $(;
> print $fh "You belong to these groups: ";
> print $fh $_ . " " foreach(@groups);
> 
> Let's see the result :
> 
> # cat /tmp/test.log
> Your UID is 1025
> You belong to these groups: 1025 1025 
> 
> # ls -ln /tmp/test.log 
> -rw-------  1 1025  0  82 11 Apr 22:25 /tmp/test.log
> 
> Question :
> Why does the file is owned by group ID 0 ?
> It should be 1025.
> In addition, the Perl script (and its processes launched using system()) can't use files
owned by group #1025.
> 
> Thank you,
> 
> Best regards,
> 
> Ben
> 
> 2. Used Components and their Configuration:
> 
> *** mod_perl version 2.000009
> 
> *** using /usr/local/lib/perl5/site_perl/mach/5.20/Apache2/BuildConfig.pm
> 
> *** Makefile.PL options:
>   MP_APR_CONFIG  => /usr/local/bin/apr-1-config
>   MP_APR_LIB     => aprext
>   MP_APXS        => /usr/local/sbin/apxs
>   MP_COMPAT_1X   => 1
>   MP_GENERATE_XS => 1
>   MP_LIBNAME     => mod_perl
>   MP_USE_DSO     => 1
> 
> 
> *** The httpd binary was not found
> 
> 
> *** (apr|apu)-config linking info
> 
>  -L/usr/local/lib -laprutil-1  -ldb-5.3 -lgdbm  -lexpat -L/usr/lib -L/usr/local/lib -L/usr/local/lib/db5
>  -L/usr/local/lib -lapr-1 -lcrypt  -lpthread 
> 
> 
> 
> *** /usr/local/bin/perl -V
> Summary of my perl5 (revision 5 version 20 subversion 3) configuration:
>    
>   Platform:
>     osname=freebsd, osvers=10.1-release-p31, archname=amd64-freebsd-thread-multi
>     uname='freebsd 101amd64-quarterly-job-02 10.1-release-p31 freebsd 10.1-release-p31
amd64 '
>     config_args='-sde -Dprefix=/usr/local -Dlibperl=libperl.so.5.20.3 -Darchlib=/usr/local/lib/perl5/5.20/mach
-Dprivlib=/usr/local/lib/perl5/5.20 -Dman3dir=/usr/local/lib/perl5/5.20/perl/man/man3 -Dman1dir=/usr/local/lib/perl5/5.20/perl/man/man1
-Dsitearch=/usr/local/lib/perl5/site_perl/mach/5.20 -Dsitelib=/usr/local/lib/perl5/site_perl
-Dscriptdir=/usr/local/bin -Dsiteman3dir=/usr/local/lib/perl5/site_perl/man/man3 -Dsiteman1dir=/usr/local/lib/perl5/site_perl/man/man1
-Ui_malloc -Ui_iconv -Uinstallusrbinperl -Dusenm=n -Dcc=cc -Duseshrplib -Dinc_version_list=none
-Dcf_by=perl -Dcf_email=perl@FreeBSD.org -Dcf_time=Sat Sep 12 19:09:14 UTC 2015 -Alddlflags=-L/wrkdirs/usr/ports/lang/perl5.20/work/perl-5.20.3
-L/usr/local/lib/perl5/5.20/mach/CORE -Wl,-rpath=/usr/local/lib/perl5/5.20/mach/CORE -lperl
-Dshrpldflags=$(LDDLFLAGS:N-L/wrkdirs/usr/ports/lang/perl5.20/work/perl-5.20.3:N-L/usr/local/lib/perl5/5.20/mach/CORE:N-Wl,-rpath=/usr/local/lib/perl5/5.20/mach/CORE:N-lperl)
-Wl,-soname,$(LIBPERL:R) -Dotherlibdirs=/usr/local/lib/perl5/site_perl/5.20:/usr/local/lib/perl5/site_perl/5.20/mach
-Doptimize=-O2 -pipe  -fstack-protector -fno-strict-aliasing -Ui_gdbm -Dusemultiplicity=y
-Duse64bitint -Dusethreads=y -Dusemymalloc=n'
>     hint=recommended, useposix=true, d_sigaction=define
>     useithreads=define, usemultiplicity=define
>     use64bitint=define, use64bitall=define, uselongdouble=undef
>     usemymalloc=n, bincompat5005=undef
>   Compiler:
>     cc='cc', ccflags ='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe
-fstack-protector -I/usr/local/include',
>     optimize='-O2 -pipe -fstack-protector -fno-strict-aliasing',
>     cppflags='-DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe -fstack-protector
-I/usr/local/include'
>     ccversion='', gccversion='4.2.1 Compatible FreeBSD Clang 3.4.1 (tags/RELEASE_34/dot1-final
208032)', gccosandvers=''
>     intsize=4, longsize=8, ptrsize=8, doublesize=8, byteorder=12345678
>     d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=16
>     ivtype='long', ivsize=8, nvtype='double', nvsize=8, Off_t='off_t', lseeksize=8
>     alignbytes=8, prototype=define
>   Linker and Libraries:
>     ld='cc', ldflags ='-lpthread -Wl,-E  -fstack-protector -L/usr/local/lib'
>     libpth=/usr/lib /usr/local/lib /usr/include/clang/3.4.1 /usr/lib
>     libs=-lpthread -lm -lcrypt -lutil
>     perllibs=-lpthread -lm -lcrypt -lutil
>     libc=, so=so, useshrplib=true, libperl=libperl.so.5.20.3
>     gnulibc_version=''
>   Dynamic Linking:
>     dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='  -Wl,-R/usr/local/lib/perl5/5.20/mach/CORE'
>     cccdlflags='-DPIC -fPIC', lddlflags='-shared  -L/wrkdirs/usr/ports/lang/perl5.20/work/perl-5.20.3
-L/usr/local/lib/perl5/5.20/mach/CORE -Wl,-rpath=/usr/local/lib/perl5/5.20/mach/CORE -lperl
-L/usr/local/lib -fstack-protector'
> 
> 
> Characteristics of this binary (from libperl): 
>   Compile-time options: HAS_TIMES MULTIPLICITY PERLIO_LAYERS
>                         PERL_DONT_CREATE_GVSV
>                         PERL_HASH_FUNC_ONE_AT_A_TIME_HARD
>                         PERL_IMPLICIT_CONTEXT PERL_MALLOC_WRAP
>                         PERL_NEW_COPY_ON_WRITE PERL_PRESERVE_IVUV
>                         USE_64_BIT_ALL USE_64_BIT_INT USE_ITHREADS
>                         USE_LARGE_FILES USE_LOCALE USE_LOCALE_COLLATE
>                         USE_LOCALE_CTYPE USE_LOCALE_NUMERIC USE_PERLIO
>                         USE_PERL_ATOF USE_REENTRANT_API
>   Built under freebsd
>   %ENV:
>     PERL_LWP_USE_HTTP_10="1"
>   @INC:
>     /usr/local/lib/perl5/site_perl/mach/5.20
>     /usr/local/lib/perl5/site_perl
>     /usr/local/lib/perl5/5.20/mach
>     /usr/local/lib/perl5/5.20
>     /usr/local/lib/perl5/site_perl/5.20
>     /usr/local/lib/perl5/site_perl/5.20/mach
>     .
> 
> *** Packages of interest status:
> 
> Apache2            : -
> Apache2::Request   : -
> CGI                : 3.65
> ExtUtils::MakeMaker: 6.98
> LWP                : 6.15
> mod_perl           : -
> mod_perl2          : 2.000009
> 
> 
> 3. This is the core dump trace: (if you get a core dump):
> 
>   [CORE TRACE COMES HERE]
> 
> 4. Additional info :
> 
> # uname -a
> FreeBSD mysrv 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 02:10:02 UTC 2016
    root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
> 
> # pkg search -f ap24-mod_perl2
> ap24-mod_perl2-2.0.9,3
> Name           : ap24-mod_perl2
> Version        : 2.0.9,3
> Origin         : www/mod_perl2
> Architecture   : freebsd:10:x86:64
> Prefix         : /usr/local
> Repository     : FreeBSD [pkg+http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly]
> 
> # pkg search -f perl5
> perl5-5.20.3_8
> Name           : perl5
> Version        : 5.20.3_8
> Origin         : lang/perl5.20
> Architecture   : freebsd:10:x86:64
> Prefix         : /usr/local
> Repository     : FreeBSD [pkg+http://pkg.FreeBSD.org/FreeBSD:10:amd64/quarterly]
> 
> # httpd -V
> Server version: Apache/2.4.18 (FreeBSD)
> Server built:   Apr  5 2016 01:24:22
> Server's Module Magic Number: 20120211:52
> Server loaded:  APR 1.5.2, APR-UTIL 1.5.4
> Compiled using: APR 1.5.2, APR-UTIL 1.5.4
> Architecture:   64-bit
> Server MPM:     prefork
>   threaded:     no
>     forked:     yes (variable process count)
> Server compiled with....
>  -D APR_HAS_SENDFILE
>  -D APR_HAS_MMAP
>  -D APR_HAVE_IPV6 (IPv4-mapped addresses disabled)
>  -D APR_USE_FLOCK_SERIALIZE
>  -D APR_USE_PTHREAD_SERIALIZE
>  -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
>  -D APR_HAS_OTHER_CHILD
>  -D AP_HAVE_RELIABLE_PIPED_LOGS
>  -D DYNAMIC_MODULE_LIMIT=256
>  -D HTTPD_ROOT="/usr/local"
>  -D SUEXEC_BIN="/usr/local/bin/suexec"
>  -D DEFAULT_PIDLOG="/var/run/httpd.pid"
>  -D DEFAULT_SCOREBOARD="/var/run/apache_runtime_status"
>  -D DEFAULT_ERRORLOG="/var/log/httpd-error.log"
>  -D AP_TYPES_CONFIG_FILE="etc/apache24/mime.types"
>  -D SERVER_CONFIG_FILE="etc/apache24/httpd.conf"
> 
> This report was generated by /usr/local/bin/mp2bug on Mon Apr 11 20:49:52 2016 GMT.
> 
> -------------8<---------- End Bug Report --------------8<----------

-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive 
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and and extermination camps, 
but incompatible with living as a free human being. -RI Safir 2013


Mime
View raw message