Security

Suexec: invalid command error

  • October 8, 2017

I'm trying to set up lighttpd with suexec, but I'm running into a problem while testing: when I try to launch something through suexec, it shows the following in the log:

[2017-10-08 00:23:24]: invalid command (/srv/http/main/htdocs/cgi-bin/test.py)

Output of suexec -V:

-D AP_DOC_ROOT="/srv/http"
-D AP_GID_MIN=100
-D AP_HTTPD_USER="lighttpd"
-D AP_LOG_EXEC="/var/log/lighttpd/suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=100
-D AP_USERDIR_SUFFIX="public_html"

The wrapper I use to launch the program:

#!/bin/bash
filename="$1"
# owner and group of the script, as suexec expects them as its first two arguments
user="$(/usr/bin/stat -c "%U" "$filename")"
group="$(/usr/bin/stat -c "%G" "$filename")"

cd "$(dirname "$filename")"

# hand suexec the full path of the script
/usr/local/bin/suexec "$user" "$group" "$filename"

Permissions are fine, and no bad write bits are set. I tried from both userdirs (/home/$USER/public_html) and the docroot.

It looks like only relative paths are allowed; the error message comes from this block:

/*
 * Check for a leading '/' (absolute path) in the command to be executed,
 * or attempts to back up out of the current directory,
 * to protect against attacks.  If any are
 * found, error out.  Naughty naughty crackers.
 */
if ((cmd[0] == '/') || (!strncmp(cmd, "../", 3))
    || (strstr(cmd, "/../") != NULL)) {
    log_err("invalid command (%s)\n", cmd);
    exit(104);
}

(see https://anonscm.debian.org/cgit/pkg-apache/apache2.git/tree/support/suexec.c?h=upstream/2.4.27#n350)
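As an added example that is not part of the original post or of suexec itself: a shell function that mirrors the path check in the quoted C block, and a version of the question's wrapper that hands suexec only the bare file name after changing into the script's directory, which is the form that check accepts. The suexec path is the one from the question; stat's -c format flags are assumed to be GNU coreutils, and SUEXEC_BIN is a hypothetical override used only to exercise the wrapper without a real suexec.

```shell
#!/bin/bash
# Added example, not from the original post or from suexec.

# Return 0 if suexec's check would accept the command string, 1 if it would
# reject it: a leading '/', a leading '../', or a '/../' component, exactly the
# three conditions in the quoted C block.
suexec_cmd_ok() {
    local cmd="$1"
    case "$cmd" in
        /*|../*|*/../*) return 1 ;;
    esac
    return 0
}

# The argument suexec should receive for a script path: the bare file name,
# to be run after a chdir into the script's directory.
suexec_relative_cmd() {
    basename -- "$1"
}

# Corrected wrapper: same stat/ownership logic as the question's script, but
# it passes a relative command. Meant to run as its own process, as in the
# question, since it changes the working directory.
# /usr/local/bin/suexec is taken from the question; SUEXEC_BIN is a
# hypothetical override for exercising this function without suexec.
run_via_suexec() {
    local filename="$1"
    local user group cmd
    user="$(stat -c '%U' "$filename")" || return 1
    group="$(stat -c '%G' "$filename")" || return 1
    cmd="$(suexec_relative_cmd "$filename")"
    suexec_cmd_ok "$cmd" || { echo "refusing: $cmd" >&2; return 1; }
    cd "$(dirname "$filename")" || return 1
    "${SUEXEC_BIN:-/usr/local/bin/suexec}" "$user" "$group" "$cmd"
}
```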

Quoted from: https://serverfault.com/questions/877401