[BusyBox] httpd setgid support and CGI SERVER_ADDR var

John McCarthy jgmcc at magma.ca
Wed Oct 22 17:34:49 UTC 2003


Hi Vladimir,

On Wed, 2003-10-22 at 05:27, Vladimir N. Oleynik wrote:
> John,
> 
> >>Hmm. Best method: call httpd with setted and exported this environs,
> >>and patch httpd to don`t unset this vars, see saving PATH code.
> > 
> > 
> > Sounds good.  I've done that and included a default of gethostname() as
> > well.  So SERVER_NAME gets set to:
> > 	   SERVER_NAME env var
> 
> But, if I set server_name from apache config then my apache redirecting
> from other name in URL to specified name from config and this
> 
> > 	or gethostname()
> > 	or calculated SERVER_ADDR value
> 
> code don`t called ;-)

You've lost me there.  I'd thought apache (and BOA) worked essentially
the same as what I've implemented (config servername else gethostname()
else ipaddr as name).  They may not have the ipaddr part but I thought
the config name/hostname part was pretty standard.

> 
> Also, server adderess may be configured as bind/listen address.

Yes, that is why I'm using the socket local endpoint to get the
address--that is the ipaddr the client connected to for this request (in
other words the interface they came in on for a multi-homed host).

Or are you suggesting that we implement bind/listen support to limit
httpd to listening only on particular host addresses (for example
localhost).  I will eventually need this also, but it's not at the top
of my priority list yet.  I do agree that this is necessary but it is a
separate problem.

> Also. I think, we can use libbb/change_identity() for change gid/uid.

Not sure how this helps since it takes a (struct passwd *) parameter. 
My fix is a simple extrapolation of the existing uid code.  Boa and
Apache support essentially the same functionality.  We don't want to
login to a particular user, just run as a particular uid and/or gid.  We
may need to set these independently and the current code supports that.

> The code all grows and grows. But the most simple would be to make so:
> 
> cgi-bin/start:
> #!/bin/sh
> 
> . /var/www/cgi-bin/www_vars
> exec your_boa_cgi
> 
> 
> /var/www/cgi-bin/www_vars:
> #!/bin/sh
> export SERVER_NAME=www.domain
> export SERVER_ADDRESS=IP_inteface (or parse ifconfig out message)

I see what your doing but instead of setting/using a few env vars you're
starting up a shell to parse and set the env. vars and then start our
CGI.  Seems like a lot of overhead per CGI request.  Since these env
vars are expected to be in every CGI call (according to NCSA CGI spec),
we should be setting them and setting them inside httpd would seem like
the best place to do it.

Incidentally, I could reduce the memory usage for the config struct by
removing the ipaddr string buffers and could use ntoa() instead of the
printf() formating of ipaddrs in the existing code if you think that
would be useful.


Cheers,
John McCarthy.




More information about the busybox mailing list