cgi-bin (C bin) hangs under Linux


Post by Angus C. Mar » Sat, 25 Nov 1995 04:00:00



I'm the web maintainer for a club that I'm a member of, where we have
Linux running on a 486 (I'm pretty sure that it is a 486). In our web
page we have a fill-out form, and I wrote a C program (gcc compiled) to
handle it. This C program does the parsing then uses popen to start
mail, and the parsed output is written to the process's file pointer
(because mail reads from the standard input) and is mailed to me.

        For some reason (and I've only tested it w/Lynx) Lynx tells me
that the request has been sent and it is waiting for a reply, and the system
hangs. Cancel the action from Lynx using 'z', but the process still runs
on the Linux machine. When I exit Lynx the processes seem to terminate
normally, and (this is where it gets weird) the form is mailed to me
normally.

        I don't see how this could be a problem with my C code, because I
was able to run the binary from a shell, and entering the form code (you
know, with all the crazy '%' escapes and '&'s) on the standard input and
it seems to work fine (closing the standard input w/"^M^D"). The only
differences (that I can think of) between an http doc and me running a
cgi-bin, is that there is no tty that executes the processes, and the user
is "nobody" instead of me.

        Please don't tell me to use a mailto. The choice is not available
to us. Most of the users who access that page are Lynx users, and Lynx
doesn't work well with mailto fill-out forms.

--
                        http://www.ece.concordia.ca/~ac_march/addr.html

 |.........|      |Attempting |
 |: DON'T :|      |recovery...|             Angus March
 |: PANIC :|      |1067 pages |         The Ultra-Mind Dragon
 |:.......:|      |unrecovered|             -==(UDIC)==-
 |---------|___ __|___________|__
/___________\  |_________________| Murphy ain't seen nothing yet

 
 
 


Post by Paul Philli » Sat, 25 Nov 1995 04:00:00


None of these groups are relevant except c.i.w.a.cgi.  Followups trimmed.



>    I don't see how this could be a problem with my C code, because I
>was able to run the binary from a shell, and entering the form code (you
>know, with all the crazy '%' escapes and '&'s) on the standard input and
>it seems to work fine (closing the standard input w/"^M^D"). The only
>differences (that I can think of) between an http doc and me running a
>cgi-bin, is that there is no tty that executes the processes, and the user
>is "nobody" instead of me.

Other differences

 * The PATH (not an issue here)
 * The server is not guaranteed to send EOF (probably your problem)

If you have something like

  while((c = getchar()) != EOF)

in your code, don't.  You are only guaranteed CONTENT_LENGTH bytes.
From the shell obviously EOF will be sent.  See the WWW FAQ for more
information.

(Posted and emailed.)

 -PSP

--
"See, when the GOVERNMENT spends money, it creates jobs; whereas when the
 money is left in the hands of TAX-PAYERS, God only knows what they do with
 it.  Bake it into pies, probably.  Anything to avoid creating jobs."
     -- Dave Barry

 
 
 


Post by Michiel Bola » Sun, 26 Nov 1995 04:00:00



[..]

>    For some reason (and I've only tested it w/Lynx) Lynx tells me
>that the request has been sent and it is waiting for a reply, and the system
>hangs. Cancel the action from Lynx using 'z', but the process still runs
>on the Linux machine. When I exit Lynx the processes seem to terminate
>normally, and (this is where it gets weird) the form is mailed to me
>normally.

Does your CGI script produce any output, along with the correct
header lines?
I.e. do you have lines that look like this in your code:

printf("Content-Type: text/html\n\n");
printf("<H1>Form posted</H1>\n"); /* etc. */

If you don't, then this probably explains the* feature.

Hope this helps
--

University of Nijmegen
The Netherlands
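
The two suggestions in the replies above (read only CONTENT_LENGTH bytes rather than waiting for EOF, and always emit a Content-Type header), as an added example that is not code from the original thread. The function name `read_cgi_body` and the `MAX_BODY` cap are assumptions chosen for illustration.

```c
/* Added example: bounded CGI POST reader. Names and MAX_BODY are assumptions. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY 8192UL   /* assumed cap for a small mail form */

/* Read exactly the number of bytes announced in CONTENT_LENGTH.
 * Returns a NUL-terminated malloc'd buffer, or NULL on any error. */
char *read_cgi_body(FILE *in, const char *content_length, size_t *out_len)
{
    char *end, *buf;
    unsigned long n;
    size_t got = 0, r;

    if (content_length == NULL || *content_length < '0' || *content_length > '9')
        return NULL;                      /* missing, signed, or non-numeric */
    errno = 0;
    n = strtoul(content_length, &end, 10);
    if (errno != 0 || *end != '\0' || n > MAX_BODY)
        return NULL;                      /* overflow, trailing junk, too large */
    if ((buf = malloc(n + 1)) == NULL)
        return NULL;
    while (got < n && (r = fread(buf + got, 1, n - got, in)) > 0)
        got += r;                         /* stops at n bytes; never waits for EOF */
    if (got != n) {                       /* short body: reject, don't guess */
        free(buf);
        return NULL;
    }
    buf[n] = '\0';
    *out_len = n;
    return buf;
}

int main(void)
{
    size_t len = 0;
    char *body = read_cgi_body(stdin, getenv("CONTENT_LENGTH"), &len);

    /* Always answer, so the server and browser are not left waiting. */
    printf("Content-Type: text/html\n\n");
    if (body == NULL) {
        printf("<H1>Bad request</H1>\n");
        return 0;
    }
    printf("<H1>Form posted</H1>\n<P>%lu bytes received.</P>\n", (unsigned long)len);
    free(body);
    return 0;
}
```

Rejecting an oversized or malformed CONTENT_LENGTH before allocating keeps a client-supplied header from dictating how much memory the handler reserves.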

 
 
 

1. /cgi-bin/phf /cgi-bin/test-cgi /cgi-bin/handler

I've been seeing a number of attacks of this sort recently
from various sites in the http logs.  The time correlation
between the logs on various hosts suggests that the attacker
was scanning sequentially upward in IP addresses.  Since all
tcp and udp packets to ports below 1024 except for http,
smtp, and ident are filtered out for most, including the
attacking, sites, I'm not seeing anything else in the logs.

209.61.73.47 - - [04/Jul/1998:07:19:27 -0500] "GET /cgi-bin/phf" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/test-cgi" 404 -
209.61.73.47 - - [04/Jul/1998:07:19:28 -0500] "GET /cgi-bin/handler" 404 -

Is this a signature of some known attackware?  If so, what
other attacks accompany these http probes?
