Chrooting Perl CGI applications (was: openbsd web server failure)
On Mon, Aug 04, 2008 at 10:58:19AM -0400, Jason Dixon wrote: On Mon, Aug 04, 2008 at 04:52:40PM +0300, Lars Nood??n wrote: John Nietzsche wrote: ... Software error: Can't locate Bio/SearchIO.pm in @INC (@INC contains ... It looks like you are missing the CPAN module Bio::SearchIO from Apache's chroot. Make sure this is installed and, as the others have pointed out, inside chroot. You might find some ideas here: http://livenudefrogs.com/~anubis/servers/apache_perl_chroot.shtml http://archives.neohapsis.com/archives/openbsd/2007-02/0645.html Numerous others have already given you the answers you're looking for. I would like to add my own $0.02 here that if you're running Perl apps in the chroot, that mod_perl should be your new best friend. It can load up all the necessary dependencies at httpd execution and will save you from having to copy tons of cruft into the server root. I've considered putting together a short article on Undeadly describing this technique based on my own efforts porting security/hatchet, but I wasn't sure if there would be any interest. By popular demand... http://undeadly.org/cgi?action=articlesid=20080805194342 -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
openbsd web server failure
Hi, i am migrating a web application from a linux server to an openbsd one. I am having a hard time trying to execute a cgi program, the only thing i get on the browser is: Software error: Can't locate Bio/SearchIO.pm in @INC (@INC contains: /usr/libdata/perl5/amd64-openbsd/5.8.8 /usr/local/libdata/perl5/amd64-openbsd/5.8.8 /usr/libdata/perl5 /usr/local/libdata/perl5 /usr/local/libdata/perl5/site_perl/amd64-openbsd /usr/libdata/perl5/site_perl/amd64-openbsd /usr/local/libdata/perl5/site_perl /usr/libdata/perl5/site_perl /usr/local/lib/perl5/site_perl .) at /asd/var/data/html/cgi-bin/blastXtract.cgi line 9. BEGIN failed--compilation aborted at /asd/var/data/html/cgi-bin/blastXtract.cgi line 9. For help, please send mail to the webmaster ([EMAIL PROTECTED]), giving this error message and the time and date of the error Does anybody know the path to the right portage for installation? Thanks in advance.
Re: openbsd web server failure
On Mon, 4 Aug 2008 09:59:47 -0300, John Nietzsche wrote Hi, i am migrating a web application from a linux server to an openbsd one. I am having a hard time trying to execute a cgi program... The default configuration of the Apache web server is chrooted. FAQ 10.16 describes the implications, and how to run non-chrooted if necessary.
Re: openbsd web server failure
On Mon, Aug 04, 2008 at 09:59:47AM -0300, John Nietzsche wrote: Hi, i am migrating a web application from a linux server to an openbsd one. I am having a hard time trying to execute a cgi program, the only thing i get on the browser is: Software error: Can't locate Bio/SearchIO.pm in @INC (@INC contains: /usr/libdata/perl5/amd64-openbsd/5.8.8 /usr/local/libdata/perl5/amd64-openbsd/5.8.8 /usr/libdata/perl5 /usr/local/libdata/perl5 /usr/local/libdata/perl5/site_perl/amd64-openbsd /usr/libdata/perl5/site_perl/amd64-openbsd /usr/local/libdata/perl5/site_perl /usr/libdata/perl5/site_perl /usr/local/lib/perl5/site_perl .) at /asd/var/data/html/cgi-bin/blastXtract.cgi line 9. BEGIN failed--compilation aborted at /asd/var/data/html/cgi-bin/blastXtract.cgi line 9. For help, please send mail to the webmaster ([EMAIL PROTECTED]), giving this error message and the time and date of the error Does anybody know the path to the right portage for installation? Thanks in advance. Hi, Did you read the FAQ ? = http://www.openbsd.org/faq/faq10.html#httpdchroot Existing CGIs: Most will NOT work as is. They may need programs or libraries outside /var/www. Some can be fixed by compiling so they are statically linked (not needing libraries in other directories), most may be fixed by populating the /var/www directory with the files required by the application, though this is non-trivial and requires some knowledge of the program. Gilles -- Gilles Chehade http://www.poolp.org/~gilles/ Please, contribute to my happiness ;) http://www.amazon.com/gp/registry/wishlist/2O09ACKR1A8HD/
Re: openbsd web server failure
* John Nietzsche wrote: i am migrating a web application from a linux server to an openbsd one. I am having a hard time trying to execute a cgi program, the only thing i get on the browser is: Software error: Can't locate Bio/SearchIO.pm in @INC (@INC contains: /usr/libdata/perl5/amd64-openbsd/5.8.8 /usr/local/libdata/perl5/amd64-openbsd/5.8.8 /usr/libdata/perl5 /usr/local/libdata/perl5 /usr/local/libdata/perl5/site_perl/amd64-openbsd /usr/libdata/perl5/site_perl/amd64-openbsd /usr/local/libdata/perl5/site_perl /usr/libdata/perl5/site_perl /usr/local/lib/perl5/site_perl .) at /asd/var/data/html/cgi-bin/blastXtract.cgi line 9. BEGIN failed--compilation aborted at /asd/var/data/html/cgi-bin/blastXtract.cgi line 9. For help, please send mail to the webmaster ([EMAIL PROTECTED]), giving this error message and the time and date of the error In OpenBSD, the webserver runs chrooted. It is likely that this is causing you the problem. Does anybody know the path to the right portage for installation? OpenBSD does not have portages, but packages. But you fail to give even the least information. The output of the 'dmesg' is generally useful and to mention the software you are trying to install would hurt nobody, either. - Marc Balmer
Re: openbsd web server failure
John Nietzsche wrote: ... Software error: Can't locate Bio/SearchIO.pm in @INC (@INC contains ... It looks like you are missing the CPAN module Bio::SearchIO from Apache's chroot. Make sure this is installed and, as the others have pointed out, inside chroot. You might find some ideas here: http://livenudefrogs.com/~anubis/servers/apache_perl_chroot.shtml http://archives.neohapsis.com/archives/openbsd/2007-02/0645.html Regards, -Lars
Re: openbsd web server failure
John Nietzsche [EMAIL PROTECTED] writes: Software error: Can't locate Bio/SearchIO.pm in @INC (@INC contains: [**snippage** ] Does anybody know the path to the right portage for installation? I wouldn't claim to *know*, but the last time I had a similar problem, I did a web search on OpenBSD path/Filename.pm and it gave me enough information to figure out which packages I needed to install. In this specific case, searching for OpenBSD Bio/SearchIO.pm gave me exactly one reference, but enough to conclude that the port /usr/ports/biology/bioperl or the matching package is a likely solution (after a locate) Hope this helps, -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: openbsd web server failure
Thank you Peter! I installed bioperl and it worked. On Mon, Aug 4, 2008 at 10:20 AM, Peter N. M. Hansteen [EMAIL PROTECTED] wrote: John Nietzsche [EMAIL PROTECTED] writes: Software error: Can't locate Bio/SearchIO.pm in @INC (@INC contains: [**snippage** ] Does anybody know the path to the right portage for installation? I wouldn't claim to *know*, but the last time I had a similar problem, I did a web search on OpenBSD path/Filename.pm and it gave me enough information to figure out which packages I needed to install. In this specific case, searching for OpenBSD Bio/SearchIO.pm gave me exactly one reference, but enough to conclude that the port /usr/ports/biology/bioperl or the matching package is a likely solution (after a locate) Hope this helps, -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: openbsd web server failure
On Mon, Aug 04, 2008 at 04:52:40PM +0300, Lars Nood??n wrote: John Nietzsche wrote: ... Software error: Can't locate Bio/SearchIO.pm in @INC (@INC contains ... It looks like you are missing the CPAN module Bio::SearchIO from Apache's chroot. Make sure this is installed and, as the others have pointed out, inside chroot. You might find some ideas here: http://livenudefrogs.com/~anubis/servers/apache_perl_chroot.shtml http://archives.neohapsis.com/archives/openbsd/2007-02/0645.html Numerous others have already given you the answers you're looking for. I would like to add my own $0.02 here that if you're running Perl apps in the chroot, that mod_perl should be your new best friend. It can load up all the necessary dependencies at httpd execution and will save you from having to copy tons of cruft into the server root. I've considered putting together a short article on Undeadly describing this technique based on my own efforts porting security/hatchet, but I wasn't sure if there would be any interest. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
Re: openbsd web server failure
Jason Dixon [EMAIL PROTECTED] writes: I've considered putting together a short article on Undeadly describing this technique based on my own efforts porting security/hatchet, but I wasn't sure if there would be any interest. I for one would be very interested in reading such an article. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: openbsd web server failure
Jason Dixon wrote: Numerous others have already given you the answers you're looking for. I would like to add my own $0.02 here that if you're running Perl apps in the chroot, that mod_perl should be your new best friend. It can load up all the necessary dependencies at httpd execution and will save you from having to copy tons of cruft into the server root. Yes! Good point. Even though I used to use mod_perl a lot, I've lately neglected it. (Mostly due to doing very little of my own web app work nowadays.) I've considered putting together a short article on Undeadly describing this technique based on my own efforts porting security/hatchet, but I wasn't sure if there would be any interest. Please do write something. It would be great to read: It'd be an interesting read for those who know how already, to see another perspective. It'd be a good reminder for those that have done it, but have gotten rusty. It'd be instructive for those just beginning with CGI on chroot'd Apache. The more people that can put competently put together a decent web service, the better. regards, -Lars
Re: openbsd web server failure
On Mon, 4 Aug 2008, Jason Dixon wrote: SNIP I've considered putting together a short article on Undeadly describing this technique based on my own efforts porting security/hatchet, but I wasn't sure if there would be any interest. -- Jason Dixon my devalued US$.02 worth, I think there would be plenty of interest. diana
Re: openbsd web server failure
On Mon, Aug 04, 2008 at 06:50:55PM +0300, Lars Nood??n wrote: Jason Dixon wrote: Numerous others have already given you the answers you're looking for. I would like to add my own $0.02 here that if you're running Perl apps in the chroot, that mod_perl should be your new best friend. It can load up all the necessary dependencies at httpd execution and will save you from having to copy tons of cruft into the server root. Yes! Good point. Even though I used to use mod_perl a lot, I've lately neglected it. (Mostly due to doing very little of my own web app work nowadays.) I've considered putting together a short article on Undeadly describing this technique based on my own efforts porting security/hatchet, but I wasn't sure if there would be any interest. Please do write something. It would be great to read: It'd be an interesting read for those who know how already, to see another perspective. It'd be a good reminder for those that have done it, but have gotten rusty. It'd be instructive for those just beginning with CGI on chroot'd Apache. The more people that can put competently put together a decent web service, the better. regards, -Lars me three 8*) cel -- Christopher Linn celinn at mtu.edu | By no means shall either the CEC System Administrator II | or MTU be held in any way liable Center for Experimental Computation | for any opinions or conjecture I Michigan Technological University | hold to or imply to hold herein.
Re: openbsd web server failure
On Mon, Aug 04, 2008 at 10:58:19AM -0400, Jason Dixon wrote: I've considered putting together a short article on Undeadly describing this technique based on my own efforts porting security/hatchet, but I wasn't sure if there would be any interest. I would be interested in reading the article. (There is already something at www.vnode.ch, which deals more specifically with php.) cheers, -b