Sam Varshavchik wrote:
> On Thu, 10 Aug 2000, Sergey Nikolaev wrote:
>
> > When I try to login via sqwebmail, it says no such user or password.
> > I am running sqwebmail as a simple web user (I removed a setuid bit from
> > sqwebmail executable).
>
> That's your problem right there. sqwebmail must be setuid root. It's not
> installed that way by accident.
>
> > When I ran sqwebmail with setuid bit set and root ownership, I could not run it
> > at all. The error log file would say something like
> > cgi srcipt didn't produce a valid header. I ran truss on my ns-httpd to find out
> > that
> > sqwebmail failed because it could not find gdbm library even though
> > LD_LIBRARY_PATH is set properly in the start script.
>
> But since sqwebmail is executed by the http server, is LD_LIBRARY_PATH set
> in that environment?
As I mentioned, LD_LIBRARY_PATH is set in the start script that starts the http
server.
To make sure that LD_LIBRARY_PATH is in sqwebmail's environment I did some tests. Look
below
# ls -l /usr/local/lib
total 15418
drwxr-xr-x 3 bin bin 512 Jul 31 10:03 gcc-lib
-rw-r--r-- 1 root other 1432616 Aug 2 12:11 libcrypto.a
-rw-r--r-- 1 bin bin 48876 Mar 24 20:13 libgdbm.a
-rwxr-xr-x 1 bin bin 472 Mar 24 20:13 libgdbm.la
lrwxrwxrwx 1 root other 16 Aug 1 17:14 libgdbm.so -> libgdbm.so.2.0.0
lrwxrwxrwx 1 root other 16 Aug 1 17:14 libgdbm.so.2 -> libgdbm.so.2.0.0
-rwxr-xr-x 1 bin bin 30664 Mar 24 20:13 libgdbm.so.2.0.0
-rw-r--r-- 1 bin bin 328848 Feb 7 2000 libiberty.a
-rw-r--r-- 1 root other 135996 Aug 2 13:39 liblber.a
-rw-r--r-- 1 root other 646 Aug 2 13:39 liblber.la
-rw-r--r-- 1 root other 1222404 Aug 2 13:39 libldap.a
-rw-r--r-- 1 root other 646 Aug 2 13:39 libldap.la
-rw-r--r-- 1 root other 280644 Aug 2 12:11 libssl.a
-rw-r--r-- 1 bin bin 2114340 Feb 7 2000 libstdc++.a.2.10.0
-r-xr-xr-x 1 bin bin 2199324 Feb 7 2000 libstdc++.so.2.10.0
drwxr-xr-x 4 bin bin 512 Aug 1 17:55 perl5
# ls -l /opt/sqwebmail/cgi-bin/sqwebmail
-rwsr-xr-x 1 root other 247944 Aug 7 17:26 /opt/sqwebmail/cgi-bin/sqwebmail
# ps -ef|grep ns-http
alias 1293 1264 0 10:27:00 ? 0:18 ns-httpd -d
/var/netscape/server4/https-mail-gw1.atlassoft.com/config
root 1269 1268 0 10:25:46 ? 0:04 ns-httpd -d
/var/netscape/server4/https-admserv/config
root 1421 229 1 12:28:27 pts/0 0:00 grep ns-http
# truss -r 33,34,36,37 -w 33,34,36,37 -afel -p 1293
1293/1: psargs: ns-httpd -d
/var/netscape/server4/https-mail-gw1.atlassoft.com/c
1293/5: Received signal #14, SIGALRM, in lwp_sema_wait() [caught]
some stuff skipped ....
1293/3: poll(0xE9FD0AF0, 1, 5000) = 1
1293/3: accept(260, 0x004E42C0, 0xE9FD0BE4, 1) = 33
1293/3: fcntl(33, F_GETFL, 0x00000000) = 130
1293/3: fstat64(33, 0xE9FD09E8) = 0
1293/3: getsockopt(33, 65535, 8192, 0xE9FD0AE8, 0xE9FD0AE0, 4350025) = 0
1293/3: fstat64(33, 0xE9FD09E8) = 0
1293/3: getsockopt(33, 65535, 8192, 0xE9FD0AE8, 0xE9FD0AE4, 4350025) = 0
1293/3: setsockopt(33, 65535, 8192, 0xE9FD0AE8, 4, 4350025) = 0
1293/3: fcntl(33, F_SETFL, 0x00000082) = 0
1293/3: setsockopt(33, 65535, 8, 0xE9FD0B54, 4, 1) = 0
1293/3: lwp_sema_post(0xEE958E78) = 0
1293/4: lwp_sema_wait(0xEE958E78) = 0
1293/3: read(33, 0x004E22C0, 8192) = 377
1293/3: G E T / c g i - b i n / s q w e b m a i l H T T P / 1 . 0\r
1293/3: \n C o n n e c t i o n : K e e p - A l i v e\r\n U s e r - A g
1293/3: e n t : M o z i l l a / 4 . 7 3 [ e n ] ( X 1 1 ; U ;
1293/3: S u n O S 5 . 7 s u n 4 u )\r\n P r a g m a : n o - c a c
1293/3: h e\r\n H o s t : m a i l - g w 1 . a t l a s s o f t . c o m
1293/3: \r\n A c c e p t : i m a g e / g i f , i m a g e / x - x b i
1293/3: t m a p , i m a g e / j p e g , i m a g e / p j p e g , i
1293/3: m a g e / p n g , * / *\r\n A c c e p t - E n c o d i n g :
1293/3: g z i p\r\n A c c e p t - L a n g u a g e : e n\r\n A c c e p
1293/3: t - C h a r s e t : i s o - 8 8 5 9 - 1 , * , u t f - 8\r\n C
1293/3: o o k i e : S I T E S E R V E R = I D = 7 5 c 7 7 3 d 1 6 f 8
1293/3: 5 1 e 2 7 8 8 e d 6 0 a 6 a 8 e 3 5 d a 1\r\n\r\n
1293/4: accept(260, 0x004EC890, 0xE9FAEBE4, 1) Err#11 EAGAIN
1293/3: getsockname(33, 0x004E1AA8, 0xE9FD0824, 1) = 0
1293/3: stat("/opt/sqwebmail/cgi-bin/sqwebmail", 0xE9FD02A0) = 0
1293/3: stat("/opt/sqwebmail/cgi-bin/sqwebmail", 0x004E4E08) = 0
1293/3: getuid() = 100 [100]
1293/3: getgid() = 100 [100]
1293/3: write(34, 0x0061D490, 1096) = 1096
1293/3: \0\004 H\0\0\001\0\0\001\0\0\0\0\001\0 % / o p t / s q w e b m a
1293/3: i l / c g i - b i n / s q w e b m a i l\0\0\0\0\002\00E s q w e
1293/3: b m a i l\0\0\0\00403FF H T T P _ C O N N E C T I O N = K e e p
1293/3: - A l i v e\0 H T T P _ U S E R _ A G E N T = M o z i l l a / 4
1293/3: . 7 3 [ e n ] ( X 1 1 ; U ; S u n O S 5 . 7 s u n 4
1293/3: u )\0 H T T P _ P R A G M A = n o - c a c h e\0 H T T P _ H O S
1293/3: T = m a i l - g w 1 . a t l a s s o f t . c o m\0 H T T P _ A C
1293/3: C E P T = i m a g e / g i f , i m a g e / x - x b i t m a p ,
1293/3: i m a g e / j p e g , i m a g e / p j p e g , i m a g e /
1293/3: p n g , * / *\0 H T T P _ A C C E P T _ E N C O D I N G = g z
1293/3: i p\0 H T T P _ A C C E P T _ L A N G U A G E = e n\0 H T T P _
1293/3: A C C E P T _ C H A R S E T = i s o - 8 8 5 9 - 1 , * , u t f -
1293/3: 8\0 H T T P _ C O O K I E = S I T E S E R V E R = I D = 7 5 c 7
1293/3: 7 3 d 1 6 f 8 5 1 e 2 7 8 8 e d 6 0 a 6 a 8 e 3 5 d a 1\0 P A T
1293/3: H = / v a r / n e t s c a p e / s e r v e r 4 / b i n / h t t p
1293/3: s / b i n : / u s r / b i n : / u s r / s b i n : / u s r / c c
1293/3: s / b i n : / u s r / l o c a l / b i n : / v a r / q m a i l /
1293/3: b i n\0 T Z = U S / E a s t e r n\0 L D _ L I B R A R Y _ P A T
1293/3: H = / v a r / n e t s c a p e / s e r v e r 4 / b i n / h t t p
1293/3: s / j r e / l i b / s p a r c / c l a s s i c : / v a r / n e t
1293/3: s c a p e / s e r v e r 4 / b i n / h t t p s / j r e / l i b /
1293/3: s p a r c / n a t i v e _ t h r e a d s : / v a r / n e t s c a
1293/3: p e / s e r v e r 4 / b i n / h t t p s / j r e / l i b / s p a
1293/3: r c : / v a r / n e t s c a p e / s e r v e r 4 / b i n / h t t
1293/3: p s / l i b : / u s r / l o c a l / l i b\0 S E R V E R _ S O F
NOTE /usr/local/lib in LD_LIBRARY_PATH above
1293/3: T W A R E = i P l a n e t - W e b S e r v e r - E n t e r p r i
1293/3: s e / 4 . 1\0 S E R V E R _ P O R T = 8 0\0 S E R V E R _ N A M
1293/3: E = m a i l - g w 1 . a t l a s s o f t . c o m\0 S E R V E R _
1293/3: U R L = h t t p : / / m a i l - g w 1 . a t l a s s o f t . c o
1293/3: m\0 R E M O T E _ H O S T = 6 3 . 1 0 5 . 2 3 9 . 2 4 0\0 R E M
1293/3: O T E _ A D D R = 6 3 . 1 0 5 . 2 3 9 . 2 4 0\0 H T T P S = O F
1293/3: F\0 G A T E W A Y _ I N T E R F A C E = C G I / 1 . 1\0 S E R V
1293/3: E R _ P R O T O C O L = H T T P / 1 . 0\0 R E Q U E S T _ M E T
1293/3: H O D = G E T\0 S C R I P T _ N A M E = / c g i - b i n / s q w
1293/3: e b m a i l\0\0
1293/3: recvmsg(34, 0xE9FD0400, 0) = 20
1293/3: fcntl(36, F_GETFL, 0x00000000) = 2
1293/3: fstat64(36, 0xE9FD02E0) = 0
1293/3: fstat64(36, 0xE9FD02E0) = 0
1293/3: fcntl(36, F_SETFL, 0x00000082) = 0
1293/3: setsockopt(36, 65535, 8, 0xE9FD044C, 4, 1) Err#95 ENOTSOCK
1293/3: fcntl(37, F_GETFL, 0x00000000) = 2
1293/3: fstat64(37, 0xE9FD02E0) = 0
1293/3: fstat64(37, 0xE9FD02E0) = 0
1293/3: fcntl(37, F_SETFL, 0x00000082) = 0
1293/3: setsockopt(37, 65535, 8, 0xE9FD044C, 4, 1) Err#95 ENOTSOCK
1293/3: close(36) = 0
1293/3: read(37, 0x004E5AE0, 8192) = 80
1293/3: l d . s o . 1 : s q w e b m a i l : f a t a l : l i b g d
1293/3: b m . s o . 2 : o p e n f a i l e d : N o s u c h f i
1293/3: l e o r d i r e c t o r y\n
Note this above
1293/3: read(37, 0x004E5AE0, 8192) = 0
1293/3: time() = 965924918
1293/3: time() = 965924918
1293/3: getpid() = 1293 [1264]
1293/3: write(7, " [ 1 0 / A u g / 2 0 0 0".., 306) = 306
1293/3: close(37) = 0
1293/3: getpid() = 1293 [1264]
1293/3: kill(1423, SIGTERM) Err#3 ESRCH
1293/3: getpid() = 1293 [1264]
1293/3: kill(1423, SIG#0) Err#3 ESRCH
1293/3: getpid() = 1293 [1264]
1293/3: kill(1423, SIGKILL) Err#3 ESRCH
1293/3: write(33, 0x004E7C78, 164) = 164
1293/3: H T T P / 1 . 1 5 0 0 S e r v e r E r r o r\r\n S e r v e
1293/3: r : N e t s c a p e - E n t e r p r i s e / 4 . 1\r\n D a t e
1293/3: : T h u , 1 0 A u g 2 0 0 0 1 6 : 2 8 : 3 7 G M T\r
1293/3: \n C o n t e n t - l e n g t h : 3 0 5\r\n C o n t e n t - t y
1293/3: p e : t e x t / h t m l\r\n C o n n e c t i o n : c l o s e
1293/3: \r\n\r\n
1293/3: write(33, 0xE9FCF660, 305) = 305
1293/3: < H T M L > < H E A D > < T I T L E > S e r v e r E r r o r <
1293/3: / T I T L E > < / H E A D >\n < B O D Y > < H 1 > S e r v e r
1293/3: E r r o r < / H 1 >\n T h i s s e r v e r h a s e n c o u
1293/3: n t e r e d a n i n t e r n a l e r r o r w h i c h p
1293/3: r e v e n t s i t f r o m f u l f i l l i n g y o u r
1293/3: r e q u e s t . T h e m o s t l i k e l y c a u s e i
1293/3: s a m i s c o n f i g u r a t i o n . P l e a s e a s k
1293/3: t h e a d m i n i s t r a t o r t o l o o k f o r m
1293/3: e s s a g e s i n t h e s e r v e r ' s e r r o r l o
1293/3: g .\n < / B O D Y > < / H T M L >
1293/3: shutdown(33, 1, 1) = 0
1293/3: read(33, 0xE9FCF800, 4096) Err#11 EAGAIN
1293/3: poll(0xE9FCF6A0, 1, 1000) = 1
1293/3: read(33, 0xE9FCF800, 4096) = 0
1293/3: close(33) = 0
1293/3: brk(0x00657498) = 0
1293/3: brk(0x00659498) = 0
This proves that even though LD_LIBRARY_PATH IS in the environment of
sqwebmail it cann't find gdbm library. Strangely, if I remove the setuid to root, then
it finds
the gdbm library fine.
I even tried to run an cgi script like this
# cat /opt/sqwebmail/cgi-bin/test
#!/bin/sh
LD_LIBRARY_PATH=/usr/local/lib
export LD_LIBRARY_PATH
env LD_LIBRARY_PATH=/usr/local/lib /opt/sqwebmail/cgi-bin/sqwebmail $*
with the same result.
Any clues? It looks like when sqwebmail changes to root it is losing its environment.
Is it normal?
Sergey
>
>
> --
> Sam
