On Fri, Mar 21, 2003 at 01:48:07PM +0000, Brian Candler wrote:
> I'll try upgrading Mozilla and report back!
Well, I was caught by the dependency daemons: having upgraded Mozilla
0.9.9->1.3b, I then had to upgrade XFree86, which in turn broke KDE...
anyway my machine is alive again.
The bad news is: Mozilla still gave a blank page after logging in.
The good news is: I have found out why. sqwebmail was sending a header
Content-Encoding: gzip
even though the content was not gzipped. (see tcpdump below).
I don't know why it was doing this, but reconfiguring "--without-gzip" fixed
the problem.
sqwebmail+fastcgi is now zooming along, both with Mozilla and Konquerer (the
latter wasn't fussy about the bad Content-Encoding header and worked anyway)
However, under fastcgi, a patch to do setuid(geteuid) is essential. Without
it, I end up with not all processes running as the correct uid:
bash# ps auxwww | grep cgi-bin/sqwebmail|grep -v grep
www 30493 0.0 0.4 1428 1020 ?? I 4:47PM 0:00.01
/usr/local/sqwebmail/cgi-bin/sqwebmail
exim 30499 0.0 0.4 1428 1028 ?? I 4:47PM 0:00.01
/usr/local/sqwebmail/cgi-bin/sqwebmail
exim 30500 0.0 0.4 1440 1020 ?? I 4:47PM 0:00.01
/usr/local/sqwebmail/cgi-bin/sqwebmail
exim 30501 0.0 0.4 1440 1044 ?? I 4:47PM 0:00.01
/usr/local/sqwebmail/cgi-bin/sqwebmail
exim 30504 0.0 0.4 1440 1048 ?? I 4:47PM 0:00.01
/usr/local/sqwebmail/cgi-bin/sqwebmail
(apache is running as 'www', and sqwebmail is setuid 'exim'). The consequence
is that some operations fail with the message:
"Unable to access your mailbox, sqwebmail permissions may be wrong."
After the attached patch, all is fine. I just found a two-line patch easier
to do than working out how to set up suexec or cgiwrap :-)
Regards,
Brian.
16:30:23.314334 xxx.xx.xxx.xx.80 > xxx.xxx.x.xxx.3998: . 1264:2712(1448) ack 1744 win
57920 <nop,nop,timestamp 97289959 140652659> (DF)
<<snip>>
0x0030 0862 3073 4854 5450 2f31 2e31 2032 3030 .b0sHTTP/1.1.200
0x0040 204f 4b0d 0a44 6174 653a 2046 7269 2c20 .OK..Date:.Fri,.
0x0050 3231 204d 6172 2032 3030 3320 3136 3a33 21.Mar.2003.16:3
0x0060 303a 3235 2047 4d54 0d0a 5365 7276 6572 0:25.GMT..Server
0x0070 3a20 4170 6163 6865 2f31 2e33 2e32 3720 :.Apache/1.3.27.
0x0080 2855 6e69 7829 206d 6f64 5f66 6173 7463 (Unix).mod_fastc
0x0090 6769 2f32 2e34 2e30 206d 6f64 5f74 6872 gi/2.4.0.mod_thr
0x00a0 6f74 746c 652f 332e 312e 3220 6d6f 645f ottle/3.1.2.mod_
0x00b0 7373 6c2f 322e 382e 3132 204f 7065 6e53 ssl/2.8.12.OpenS
0x00c0 534c 2f30 2e39 2e36 670d 0a43 6f6e 7465 SL/0.9.6g..Conte
0x00d0 6e74 2d4c 616e 6775 6167 653a 2065 6e2d nt-Language:.en-
0x00e0 7573 0d0a 4361 6368 652d 436f 6e74 726f us..Cache-Contro
0x00f0 6c3a 206e 6f2d 7374 6f72 650d 0a50 7261 l:.no-store..Pra
0x0100 676d 613a 206e 6f2d 6361 6368 650d 0a56 gma:.no-cache..V
0x0110 6172 793a 2041 6363 6570 742d 4c61 6e67 ary:.Accept-Lang
0x0120 7561 6765 2c48 6f73 740d 0a43 6f6e 7465 uage,Host..Conte <<
0x0130 6e74 2d45 6e63 6f64 696e 673a 2067 7a69 nt-Encoding:.gzi <<
0x0140 700d 0a4b 6565 702d 416c 6976 653a 2074 p..Keep-Alive:.t <<
0x0150 696d 656f 7574 3d31 352c 206d 6178 3d39 imeout=15,.max=9
0x0160 380d 0a43 6f6e 6e65 6374 696f 6e3a 204b 8..Connection:.K
0x0170 6565 702d 416c 6976 650d 0a54 7261 6e73 eep-Alive..Trans
0x0180 6665 722d 456e 636f 6469 6e67 3a20 6368 fer-Encoding:.ch
0x0190 756e 6b65 640d 0a43 6f6e 7465 6e74 2d54 unked..Content-T
0x01a0 7970 653a 2074 6578 742f 6874 6d6c 3b20 ype:.text/html;.
0x01b0 6368 6172 7365 743d 2269 736f 2d38 3835 charset="iso-885
0x01c0 392d 3122 0d0a 0d0a 3230 3030 0d0a 3c21 9-1"....2000..<!
0x01d0 444f 4354 5950 4520 6874 6d6c 2050 5542 DOCTYPE.html.PUB
0x01e0 4c49 4320 222d 2f2f 5733 432f 2f44 5444 LIC."-//W3C//DTD
0x01f0 2048 544d 4c20 342e 3031 2054 7261 6e73 .HTML.4.01.Trans
0x0200 6974 696f 6e61 6c2f 2f45 4e22 0a20 2020 itional//EN"....
0x0210 2022 6874 7470 3a2f 2f77 7777 2e77 332e ."http://www.w3.
0x0220 6f72 672f 5452 2f68 746d 6c34 2f6c 6f6f org/TR/html4/loo
0x0230 7365 2e64 7464 223e 0a3c 6874 6d6c 3e0a se.dtd">.<html>.
0x0240 3c68 6561 643e 0a20 203c 6d65 7461 206e <head>...<meta.n
0x0250 616d 653d 2247 454e 4552 4154 4f52 2220 ame="GENERATOR".
0x0260 636f 6e74 656e 743d 2261 6d61 7961 2036 content="amaya.6
0x0270 2e34 2c20 7365 6520 6874 7470 3a2f 2f77 .4,.see.http://w
0x0280 7777 2e77 332e 6f72 672f 416d 6179 612f ww.w3.org/Amaya/
0x0290 223e 0a20 203c 6d65 7461 206e 616d 653d ">...<meta.name=
0x02a0 224d 5353 6d61 7274 5461 6773 5072 6576 "MSSmartTagsPrev
0x02b0 656e 7450 6172 7369 6e67 2220 636f 6e74 entParsing".cont
0x02c0 656e 743d 2254 5255 4522 3e0a 2020 3c74 ent="TRUE">...<t
0x02d0 6974 6c65 3e46 6f6c 6465 7273 3c2f 7469 itle>Folders</ti
0x02e0 746c 653e 0a20 203c 6c69 6e6b 2072 656c tle>...<link.rel
0x02f0 3d22 7374 796c 6573 6865 6574 2220 7479 ="stylesheet".ty
0x0300 7065 3d22 7465 7874 2f63 7373 2220 6872 pe="text/css".hr
0x0310 6566 3d22 2f69 6d61 6765 732f 7371 7765 ef="/images/sqwe
0x0320 626d 6169 6c2e 6373 7322 3e0a 2020 3c6c bmail.css">...<l
0x0330 696e 6b20 7265 6c3d 2273 7479 6c65 7368 ink.rel="stylesh
0x0340 6565 7422 2074 7970 653d 2274 6578 742f eet".type="text/
0x0350 6373 7322 2068 7265 663d 222f 696d 6167 css".href="/imag
0x0360 6573 2f77 6562 6d61 696c 2e63 7373 223e es/webmail.css">
0x0370 0a20 203c 212d 2d20 2449 643a 2066 6f6c ...<!--.$Id:.fol
0x0380 6465 7273 2e68 746d 6c2c 7620 312e 3432 ders.html,v.1.42
0x0390 2032 3030 332f 3032 2f31 3220 3032 3a34 .2003/02/12.02:4
0x03a0 393a 3036 206d 7273 616d 2045 7870 2024 9:06.mrsam.Exp.$
0x03b0 202d 2d3e 0a3c 2f68 6561 643e 0a0a 3c62 .-->.</head>..<b
0x03c0 6f64 793e 0a3c 212d 2d0a 0a0a 0a0a 0a0a ody>.<!--.......
0x03d0 0a0a 0a0a 0a0a 0a0a 0a0a 0a0a 0a0a 0a0a ................
0x03e0 0a2d 2d3e 0a0a 3c63 656e 7465 723e 0a3c .-->..<center>.<
0x03f0 212d 2d20 546f 7020 4865 6164 6572 2e20 !--.Top.Header..
<< snip rest of packet >>
--- sqwebmail-3.5.0/sqwebmail/sqwebmail.h.orig Fri Dec 7 12:55:39 2001
+++ sqwebmail-3.5.0/sqwebmail/sqwebmail.h Sun Mar 9 20:34:54 2003
@@ -93,7 +93,6 @@
#define ISCTRL(c) ((unsigned char)(c) < (unsigned char)' ')
#if HAVE_LIBFCGI
-#include "fcgi_config.h"
#include <stdlib.h>
#include "fcgi_stdio.h"
#endif
--- sqwebmail-3.5.0/cgi/cgi.h.orig Sun May 20 02:54:58 2001
+++ sqwebmail-3.5.0/cgi/cgi.h Sun Mar 9 20:41:27 2003
@@ -14,7 +14,6 @@
#endif
#if HAVE_LIBFCGI
-#include "fcgi_config.h"
#include <stdlib.h>
#include "fcgi_stdio.h"
#endif
--- sqwebmail-3.5.0/http11/http11.h.in.orig Sun Mar 26 19:20:26 2000
+++ sqwebmail-3.5.0/http11/http11.h.in Sun Mar 9 20:43:42 2003
@@ -15,7 +15,6 @@
#endif
#if HAVE_LIBFCGI
-#include "fcgi_config.h"
#include <stdlib.h>
#include "fcgi_stdio.h"
#endif
--- sqwebmail-3.5.0/cgi/cginocache.c.orig Mon Apr 1 20:59:34 2002
+++ sqwebmail-3.5.0/cgi/cginocache.c Sun Mar 9 20:43:29 2003
@@ -7,7 +7,6 @@
** $Id: cginocache.c,v 1.4 2002/04/01 19:59:34 mrsam Exp $
*/
#if HAVE_LIBFCGI
-#include "fcgi_config.h"
#include <stdlib.h>
#include "fcgi_stdio.h"
#else
--- sqwebmail-3.5.1/sqwebmail/sqwebmail.c.orig Sun Jan 5 04:26:06 2003
+++ sqwebmail-3.5.1/sqwebmail/sqwebmail.c Fri Mar 21 17:11:31 2003
@@ -2121,6 +2121,10 @@
{
int rc;
+ /* If we are running setuid non-root, change our real gid/uid too */
+ if (getegid()) setgid(getegid());
+ if (geteuid()) setuid(geteuid());
+
#if HAVE_LIBFCGI
while ( FCGI_Accept() >= 0)
