From tripleemcoder at gmail.com  Thu Jan  1 19:32:30 2015
From: tripleemcoder at gmail.com (=?UTF-8?Q?Marcin_Miko=C5=82ajczak?=)
Date: Thu, 1 Jan 2015 19:32:30 +0100
Subject: [mpm-itk] Behaviour with PATH_INFO and subrequests
Message-ID: <CAAHJvm-woCAxcr_-Eiq43qDEXnOV-+e7e4mBLmoPy_6eYXQyqg@mail.gmail.com>

Hi there,

I'd like to describe an interesting issue with handling URIs like
/some/application/index.php/some/other/data.

Assume the following:
- server runs as www-data:www-data
- /some/application has an ITK AssignUserID set with Location or Directory
to some-app:some-app
- index.php file exists and is a script able to handle
PATH_INFO=/some/other/data

Very close to the beginning of processing requests by PHP it
calls ap_add_cgi_vars and I imagine other script modules do the same:
https://github.com/php/php-src/blob/PHP-5.6.4/sapi/apache2handler/sapi_apache2.c#L608

This in turn issues a subrequest to generate PATH_TRANSLATED:
https://github.com/apache/httpd/blob/bc6270ac3911f2f432ae8fa1a92da3f1f57fe838/server/util_script.c#L390

This causes ITK to be called 2 times:
1. First time, for the main request, it calls setuid(some-app) and
setgid(some-app)
2. Second time, for the subrequest, when the persistent connection logic
kicks in and resets the connection, because ITK is unable to
setuid(www-data) when getuid() == some-app.

As a result the browser gets a zero-length result without a status code.

The only way I managed to overcome this is to use mod_rewrite and strip
PATH_INFO and set it back as an environment variable:
RewriteRule index.php/(.*) - [env=PATH_INFO:/$1]
RewriteRule index.php/(.*) index.php [DPI,L]

I used 2 rules not to get the variable prefixed with REDIRECT_, but that's
not the point.

What do you guys think? Could all this be solved somehow? I've spent the
whole day trying to figure this out, as logs weren't helpful at all, the
request was just dying with no feedback. I hope this at least will be
helpful to others having the same problem.

Best regards,
Marcin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.err.no/pipermail/mpm-itk/attachments/20150101/7bfd130e/attachment.htm>

From len at gatamundo.com  Wed Jan 14 15:52:03 2015
From: len at gatamundo.com (Len Burns)
Date: Wed, 14 Jan 2015 06:52:03 -0800
Subject: [mpm-itk] Mailman/MPM-ITK Problem After Ubuntu Upgrade
Message-ID: <000a01d03009$a8d366d0$fa7a3470$@gatamundo.com>

Good day,

We recently upgraded Ubuntu to 14.04 LTS.  14.04 is using Apache-2.4.7.  For
a number of years we have used MPM-ITK with mailman without a problem.  When
attempting to access the Mailman python scripts we now receive the
following:


Mailman CGI error!!!
The Mailman CGI wrapper encountered a fatal error. This entry is being
stored in your syslog:
Operation not permitted

There has been some suggestion this may result from settings of
LimitUIDRange and LimitGIDRange preventing the setgid on the mailman
wrapper.  To test this, I expanded the range of those settings with no
effect. 

Apache/MPM-ITK has been installed from Ubuntu packages.  Any suggestions as
to a direction to explore to resolve this would be much appreciated.  Right
now I have unhappy users.  :)  Many thanks.

-Len




From viktu at rectorat.url.edu  Wed Jan 14 16:50:44 2015
From: viktu at rectorat.url.edu (Viktu Pons Colomer)
Date: Wed, 14 Jan 2015 15:50:44 +0000
Subject: [mpm-itk] Mailman/MPM-ITK Problem After Ubuntu Upgrade
In-Reply-To: <000a01d03009$a8d366d0$fa7a3470$@gatamundo.com>
References: <000a01d03009$a8d366d0$fa7a3470$@gatamundo.com>
Message-ID: <DB3PR05MB34858EB8FCE9267575B336898410@DB3PR05MB348.eurprd05.prod.outlook.com>

I am on the same boat :( Anyone have a hint?

Any help will be appreciated!

-------------------------
Viktu Pons i Colomer
-------------------------

-----Missatge original-----
De: mpm-itk [mailto:mpm-itk-bounces at err.no] En nom de Len Burns
Enviat: mi?rcoles, 14 de enero de 2015 15:52
Per a: mpm-itk at err.no
Tema: [mpm-itk] Mailman/MPM-ITK Problem After Ubuntu Upgrade

Good day,

We recently upgraded Ubuntu to 14.04 LTS.  14.04 is using Apache-2.4.7.  For a number of years we have used MPM-ITK with mailman without a problem.  When attempting to access the Mailman python scripts we now receive the
following:


Mailman CGI error!!!
The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog:
Operation not permitted

There has been some suggestion this may result from settings of LimitUIDRange and LimitGIDRange preventing the setgid on the mailman wrapper.  To test this, I expanded the range of those settings with no effect. 

Apache/MPM-ITK has been installed from Ubuntu packages.  Any suggestions as to a direction to explore to resolve this would be much appreciated.  Right now I have unhappy users.  :)  Many thanks.

-Len


_______________________________________________
mpm-itk mailing list
mpm-itk at err.no
http://lists.err.no/mailman/listinfo/mpm-itk