Hello

I have delayed asking for help hoping that I would figure this out on my own.

But, after several months of on-and-off attempts, I can't think of anything
else, so...

I have been following current for some time, now:  OpenBSD 6.2 GENERIC.MP#105
amd64

I also continue to use apache2 in ports:  apache-httpd-2.4.27p0

I have a few small /bin/sh scripts.  Basically, I have a cron job that runs and
writes some system info to a file in the /var/www chroot, so that I can quickly
check a few things via a web-browser.

My instance of apache2 runs as www.www and is chroot'ed to /var/www:
From /etc/apache2/httpd2.conf:

...snip...
User www
Group www
ChrootDir "/var/www"
...snip...

This was working for years, until about April or May.  Then, after an update of
the base system (and before an update of the installed packages), I noticed the
scripts had stopped working.  I updated the packages, and the scripts continued
to not work.

An example:

I point my web-browser to:  https://example.com/cgi-bin/viewsys

I get an "Internal Server Error" displayed.

When I look at the apache error logs, I see (I have turned up the logging a
bit):

[Sun Sep 24 12:01:31.534535 2017] [ssl:info] [pid 16510] [client
xxx.xxx.2.10:21991] AH01964: Connection to child 0 established (server
example.com:443)
[Sun Sep 24 12:01:31.535886 2017] [socache_shmcb:debug] [pid 16510]
mod_socache_shmcb.c(530): AH00835: socache_shmcb_retrieve (0x91 -> subcache 17)
[Sun Sep 24 12:01:31.535905 2017] [socache_shmcb:debug] [pid 16510]
mod_socache_shmcb.c(916): AH00851: shmcb_subcache_retrieve found no match
[Sun Sep 24 12:01:31.535909 2017] [socache_shmcb:debug] [pid 16510]
mod_socache_shmcb.c(541): AH00836: leaving socache_shmcb_retrieve successfully
[Sun Sep 24 12:01:31.535937 2017] [ssl:debug] [pid 16510]
ssl_engine_kernel.c(2126): [client xxx.xxx.2.10:21991] AH02043: SSL virtual host
for servername example.com found
[Sun Sep 24 12:01:31.535943 2017] [core:debug] [pid 16510] protocol.c(2220):
[client xxx.xxx.2.10:21991] AH03155: select protocol from , choices=h2,http/1.1
for server example.com
[Sun Sep 24 12:01:31.535952 2017] [ssl:debug] [pid 16510]
ssl_engine_kernel.c(2126): [client xxx.xxx.2.10:21991] AH02043: SSL virtual host
for servername example.com found
[Sun Sep 24 12:01:31.635216 2017] [ssl:debug] [pid 16510]
ssl_engine_kernel.c(2053): [client xxx.xxx.2.10:21991] AH02041: Protocol:
TLSv1.2, Cipher: ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)
[Sun Sep 24 12:01:31.636987 2017] [ssl:debug] [pid 16510]
ssl_engine_kernel.c(361): [client xxx.xxx.2.10:21991] AH02034: Initial (No.1)
HTTPS request received for child 0 (server example.com:443), referer:
https://example.com/
[Sun Sep 24 12:01:31.637039 2017] [authz_core:debug] [pid 16510]
mod_authz_core.c(806): [client xxx.xxx.2.10:21991] AH01626: authorization result
of Require all granted: granted, referer: https://example.com/
[Sun Sep 24 12:01:31.637046 2017] [authz_core:debug] [pid 16510]
mod_authz_core.c(806): [client xxx.xxx.2.10:21991] AH01626: authorization result
of <RequireAny>: granted, referer: https://example.com/
[Sun Sep 24 12:01:31.642334 2017] [cgi:error] [pid 16510] [client
xxx.xxx.2.10:21991] End of script output before headers: viewsys, referer:
https://example.com/
[Sun Sep 24 12:01:31.642971 2017] [ssl:debug] [pid 16510] ssl_engine_io.c(1099):
[client xxx.xxx.2.10:21991] AH02001: Connection closed to child 0 with standard
shutdown (server example.com:443)


So, the cgi-script is called, but appears not to return anything:  "End of
script output before headers"



I enabled logging of cgi info in apache2, and in the "cgi_log" I see:

%% [Sun Sep 24 12:01:31 2017] GET /cgi-bin/viewsys HTTP/1.1
%% 500 /cgi-bin/viewsys
%request
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101
Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://example.com/
Cookie: icingaweb2-tzo=-18000-1; icingaweb2-session=1506271615;
Icingaweb2=6h1eginggl1ktaioce40d56p225b63gm
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
%response


And that's it, no response.


So, this makes you think that there is a problem with the script running in the
chroot.

But, if I run the script (nothing fancy - basically, it is just printing out
http of dmesg info that has been stuck into a file in the chroot by a cron job
running outside the chroot):
cat viewsys
..............
#!/bin/sh
. /cgi-bin/web.functions

htmlhead "System Information"
dmesg=`cat ../tmp/dmesginfo`

b_head

t_head " System DMESG "
cat <<- /DMESGINFO
 <tr>
  <td><div><PRE><p style="white-space:pre-wrap">
$dmesg
  </p></PRE></div></td>
 </tr>
/DMESGINFO
t_foot

b_foot
htmlend
.................

Using chroot:

# chroot -u www /var/www /cgi-bin/viewsys

I see the correct output:
......................
Content-type:text/html

<HTML><HEAD><TITLE>System Information
</TITLE></HEAD>
<style type="text/css">
H1 {font-family: Comic Sans MS,sans-serif; font-size: 40px; color:#009900;
line-height: 45px; text-align: center; text-decoration: none; }
H2 {font-family: Comic Sans MS,sans-serif; font-size: 18px; color:#336600;
line-height: 18px; text-align: center; text-decoration: none; }
A {font-family: Comic Sans MS,sans-serif; font-size: 14px; color:#336699;
line-height: 20px; text-decoration: none; }
A:hover {font-family: Comic Sans MS,san-serif; font-size: 14px; color:#FF3300;
line-height: 20px; }
</style>

<BODY>
<body marginwidth="0" marginheight="0" leftmargin="0" rightmargin="0"
topmargin="0" bgcolor="#FFFFFF" text="#000000" link="#336699">
<table width="100%" border="0" cellpadding="0" height="40">
 <tr><td><h1>example.com</h1></td>
 </tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0" border="0">
 <tr bgcolor="#000000">
  <td><img src="/images/blank.gif" width="1" height="2" alt=""></td>
 </tr>
</table>
<table cellspacing="0" cellpadding="3" border="0" width="100%"
bgcolor="#FF0033"><tr><td align="center" valign="top"> <table width="98%"
border="0" cellspacing="0" cellpadding="2">
 <tr>
  <td align="center"><br>
<table cellpadding="1" cellspacing="0" bgcolor="#000000" width="99%">
 <tr>
  <td>
   <table cellpadding="2" cellspacing="0" bgcolor="#ffffff" width="100%">
    <tr>
     <td bgcolor="#99CCFF"><div align="center"><H2><b>:: System DMESG
::</b></H2></div>
     </td>
    </tr>
 <tr>
  <td><div><PRE><p style="white-space:pre-wrap">
OpenBSD 6.2-beta (GENERIC.MP) #105: Fri Sep 22 18:36:47 MDT 2017
...snip...
root on sd0a (3c411dc68c2af2bf.a) swap on sd0b dump on sd0b
  </p></PRE></div></td>
 </tr>
   </table>
  </td>
 </tr>
</table><br>
    </td>
   </tr>
  </table>
  </td>
 </tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0" border="0">
 <tr bgcolor="#000000">
  <td><img src="/images/blank.gif" width="1" height="2" alt=""></td>
 </tr>
</table>
</BODY></HTML>
......................

Which seems correct to me, but is (apparently) not seen by apache2.


So, this worked for, literally, years without an issue, and it seemed to fail
after updating the base system in April-May, not after updating the packages,
which makes me think it is something that changed in the base system.

I have looked through "following current" again and again, but can't see
anything that makes sense to me as impacting this.

I tried adding "wxallowed" to the /var/www partition, but that did nothing.

I have played with file permissions, and so many things that I can't even recall
them clearly.

I am at a loss.

Does anyone have an idea why a simple /bin/sh cgi-script that had been working
for years suddenly has stopped producing output when called by apache2, but
continues to work when run from the command line using chroot?


Thanks
Ted
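
A diagnostic harness for the comparison described in the message above, added here as an example and not part of the original post. It runs a CGI program closer to how a web server starts one (emptied environment plus a few CGI variables, nothing on stdin), keeps stdout, stderr and the exit status apart, and checks the header block the server expects before any body. The function name and the CGI variable values are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added diagnostic example; not part of the original post.
# check_cgi PROGRAM [ARGS...]
#   Runs PROGRAM with an emptied environment plus a few CGI variables
#   (constructed sample values), stdin from /dev/null, and stdout/stderr
#   captured separately. Prints one verdict on stdout:
#   no-output | bad-header | no-content-type | ok
check_cgi() {
    out=$(mktemp) || return 2
    err=$(mktemp) || { rm -f "$out"; return 2; }
    status=0
    env -i PATH=/bin:/usr/bin GATEWAY_INTERFACE=CGI/1.1 \
        REQUEST_METHOD=GET SERVER_PROTOCOL=HTTP/1.1 \
        SCRIPT_NAME=/cgi-bin/viewsys \
        "$@" </dev/null >"$out" 2>"$err" || status=$?
    verdict=$(awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line ends
        $0 == "" { done = 1; exit }             # blank line ends the headers
        !/^[A-Za-z0-9-]+:/ { bad = 1; exit }    # not a "Name: value" line
        tolower($0) ~ /^content-type:/ { ct = 1 }
        END {
            if (NR == 0)            print "no-output"
            else if (bad || !done)  print "bad-header"
            else if (!ct)           print "no-content-type"
            else                    print "ok"
        }' "$out")
    # Exit status and stderr size go to stderr so the verdict stays clean.
    echo "exit=$status stderr_bytes=$(wc -c <"$err" | tr -d ' ')" >&2
    [ -s "$err" ] && sed 's/^/stderr: /' "$err" >&2
    rm -f "$out" "$err"
    echo "$verdict"
}
```

Run it as root against the chroot with the full path, since the emptied PATH does not include /usr/sbin: `check_cgi /usr/sbin/chroot -u www /var/www /cgi-bin/viewsys`. A `no-output` verdict together with a non-zero exit or text on stderr points at the script failing to start under the reduced environment rather than at its HTML.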



