search

kristapsdz / kcgi

minimal CGI and FastCGI library for C/C++
https://kristaps.bsd.lv/kcgi
ISC License
278 stars 40 forks source link

FastCGI: read: Capabilities insufficient #51

Closed causal-agent closed 5 years ago

causal-agent commented 6 years ago

I'm trying to deploy kfcgi on FreeBSD. Using the example program from https://kristaps.bsd.lv/kcgi/tutorial2.html, I get this error:

$ freebsd-version                                                                                                                                                                   
11.2-RELEASE-p4

$ pkg info kcgi | head -n 3                                                                                                                                                         
kcgi-0.10.7
Name           : kcgi
Version        : 0.10.7

$ CFLAGS=-I/usr/local/include LDFLAGS='-static -L/usr/local/lib' LDLIBS='-lkcgi -lz' make example                                                                                   
cc -I/usr/local/include -static -L/usr/local/lib example.c -lkcgi -lz -o example

$ sudo kfcgi -d -s kfcgi.sock -u www -U www -p . -- /example &                                                                                                                      
[1] 10342

$ sudo nc -U kfcgi.sock <<< ''                                                                                                                                                      
fcgi.c:248: FastCGI: read: Capabilities insufficient
wrappers.c:485: read: unexpected eof: read 0 of 8 bytes
child.c:1691: FastCGI: error reading frame size from control
child.c:2094: FastCGI: unrecoverable error at start sequence
fcgi.c:754: fullreadfd: hangup (terminating)
wrappers.c:182: child status 1
kfcgi[10345]: worker unexpectedly exited
fcgi.c:742: fcgi_waitread: exit request
fcgi.c:742: fcgi_waitread: exit request
fcgi.c:742: fcgi_waitread: exit request
child.c:2078: FastCGI: worker termination
child.c:2078: FastCGI: worker termination
fcgi.c:742: fcgi_waitread: exit request
child.c:2078: FastCGI: worker termination
child.c:2078: FastCGI: worker termination

The error is the same if I point an HTTPd to the socket. I'm just using nc as an example to trigger the error.

causal-agent commented 6 years ago

truss output leading to that error:

11769: poll({ 0/POLLIN 3/POLLIN },2,-1)      = 1 (0x1)
11769: accept(0,{ AF_UNIX "" },0x7fffffffe408)   = 1 (0x1)
11769: fcntl(1,F_GETFL,)             = 6 (0x6)
11769: fcntl(1,F_SETFL,O_RDWR|O_NONBLOCK)    = 0 (0x0)
11769: getpid()                  = 11769 (0x2df9)
11769: __sysctl(0x7fffffffe368,0x2,0x7fffffffe2d0,0x7fffffffe2c8,0x0,0x0) = 0 (0x0)
11769: poll({ 4/POLLOUT },1,-1)          = 1 (0x1)
11769: write(4,",\M^M\M-i.",4)           = 4 (0x4)
11769: poll({ 1/POLLIN 4/POLLIN },2,-1)      = 1 (0x1)
11769: read(1,0x7fffffffe490,1024)       ERR#93 'Capabilities insufficient'
11769: stat("/usr/share/nls/C/libc.cat",0x7fffffffd978) ERR#94 'Not permitted in capability mode'
11769: stat("/usr/share/nls/libc/C",0x7fffffffd978) ERR#94 'Not permitted in capability mode'
11769: stat("/usr/local/share/nls/C/libc.cat",0x7fffffffd978) ERR#94 'Not permitted in capability mode'
11769: stat("/usr/local/share/nls/libc/C",0x7fffffffd978) ERR#94 'Not permitted in capability mode'
11769: write(2,"fcgi.c:248: FastCGI: read: Capab"...,53) = 53 (0x35)
Gminfly commented 6 years ago

I have the same issue, I need to find out what it actually tries to read.

causal-agent commented 6 years ago

As far as I can tell from the truss output, it just tries to read the socket it gets from calling accept, which seems like it should work fine from reading rights(4).

Gminfly commented 6 years ago

Well it doesn’t at all, in fact it always results in a 500 Internal server error :/ If you want me to try anything on my server let me know

On 12 Nov 2018, at 22:32, Curtis McEnroe notifications@github.com wrote:

As far as I can tell from the truss output, it just tries to read the socket it gets from calling accept, which seems like it should work fine from reading rights(4).

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/kristapsdz/kcgi/issues/51#issuecomment-438035856, or mute the thread https://github.com/notifications/unsubscribe-auth/AFOpW177_-MEXdB_etdvEgN_Wn5cUAepks5uuekLgaJpZM4XyuyW.

kristapsdz commented 5 years ago

I think I have an inkling of what this may be. Does anybody have a FreeBSD box for me to test? I can also send a patch, but that'll be a little cumbersome w/r/t back-and-forth.

kristapsdz commented 5 years ago

Thanks everybody---this turned out to be some misleading documentation in the FreeBSD rights(4) manual. It's described in the commit message. I'll have a version out promptly with this fix.