search

rschupp / PAR-Packer

(perl) Generate stand-alone executables, perl scripts and PAR files https://metacpan.org/pod/PAR::Packer
Other
48 stars 13 forks source link

PERL do not run script after PAR #49

Closed leandrocombr closed 3 years ago

leandrocombr commented 3 years ago 
[root@localhost html]# rpm -q centos-release
centos-release-7-9.2009.1.el7.centos.x86_64

[root@localhost html]# httpd -v
Server version: Apache/2.4.6 (CentOS)
Server built:   Dec 13 2020 00:35:05

[root@localhost html]# perl -v
This is perl 5, version 34, subversion 0 (v5.34.0) built for x86_64-linux

[root@localhost html]# cpan
cpan shell -- CPAN exploration and modules installation (v2.28)

[root@localhost html]# pwd
/var/www/html

[root@localhost html]# ls -lha
-rw-r--r--. 1 apache apache  239 Jul 26 09:54 .htaccess
-rw-r--r--. 1 apache apache   47 Jul 25 20:00 index.html
-rwxr-xr-x. 1 apache apache   97 Jul 26 11:02 perl.pl

Script runs normally on http://localhost/perl.pl

PERL script content

#!/usr/bin/perl
use strict;
use warnings;

print "Content-type: text/html\n\n";

print "Hello World!";

exit;
[root@localhost html]# pp -x -c -o a.out perl.pl
/tmp/kjzLwQRe6G syntax OK

[root@localhost html]# mv a.out xx.pl
[root@localhost html]# chown apache:apache xx.pl
[root@localhost html]# chmod 755 xx.pl

[root@localhost html]# ./perl.pl
Content-type: text/html

Hello World![root@localhost html]# ./xx.pl
Content-type: text/html

Hello World![root@localhost html]#

When I run the script via browser http://localhost/xx.pl

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

[root@localhost html]# tail -f /var/log/httpd/ssl_error_log
[Mon Jul 26 11:06:18.315481 2021] [cgi:error] [pid 18880] [client 2.57.171.41:12219] End of script output before headers: xx.pl
[Mon Jul 26 11:07:21.702880 2021] [cgi:error] [pid 18881] [client 2.57.171.41:9437] End of script output before headers: xx.pl
[Mon Jul 26 11:07:22.742897 2021] [cgi:error] [pid 18879] [client 2.57.171.41:19913] End of script output before headers: xx.pl
[Mon Jul 26 11:07:28.448565 2021] [cgi:error] [pid 18882] [client 2.57.171.41:27467] End of script output before headers: xx.pl
[Mon Jul 26 11:30:08.557949 2021] [cgi:error] [pid 18883] [client 2.57.171.41:30987] End of script output before headers: xx.pl
<Directory /var/www>
     Options +ExecCGI
     SetHandler cgi-script
     AddHandler cgi-script .bin .pl .cgi
</Directory>

<Directory /var/www/mycgi-bin>
     ExecCGI Options
     SetHandler cgi-script
     AddHandler cgi-script .bin .pl .cgi
</Directory>
rschupp commented 3 years ago

I can't reproduce this. Please provide a complete strace of apache:

  1. start apache
  2. find the PID of the main apache process
  3. as root: strace -o my_strace -v -s 100 -f -p $PID
  4. browse to http://localhost/xx.pl
  5. kill the strace and attach my_strace (preferably gzipped)
rschupp commented 3 years ago

On Tue, Jul 27, 2021 at 10:40 PM leandrocombr @.***> wrote:

I can't reproduce this. Please provide a complete strace of apache:

  1. start apache

  2. find the PID of the main apache process

  3. as root: strace -o my_strace -v -s 100 -f -p $PID

  4. browse to http://localhost/xx.pl

  5. kill the strace and attach my_strace (preferably gzipped)

@.*** html]# strace -o my_strace -v -s 100 -f -p $PID strace: option requires an argument -- 'p'

PID=

leandrocombr commented 3 years ago

On Tue, Jul 27, 2021 at 10:40 PM leandrocombr @.> wrote: I can't reproduce this. Please provide a complete strace of apache: 1. start apache 2. find the PID of the main apache process 3. as root: strace -o my_strace -v -s 100 -f -p $PID 4. browse to http://localhost/xx.pl 5. kill the strace and attach my_strace (preferably gzipped) @. html]# strace -o my_strace -v -s 100 -f -p $PID strace: option requires an argument -- 'p' PID=

Follow the file as requested: my_trace

https://www.filemail.com/d/rrcxkeclkhwutln

rschupp commented 3 years ago

my_trace shows

1347  execve("/var/www/html/xx.pl", ["/var/www/html/xx.pl"], ...) = 0
# CGI program starts executing...
...
1347  stat("/tmp/par-617061636865", {st_mode=S_IFDIR|0700, st_uid=48, st_gid=48, ...}) = 0
# PAR's per-user temp directory exists and has permission 0700 apache:apache
1347  getuid()                          = 48
# ...and it's running as apache
...
1347  mkdir("/tmp/par-617061636865/cache-12be90475e491aee5ef41af4e17e373b37359d1d", 0700) = -1 EEXIST
# the cache directory for xx.pl already exists (from a previous run)
1347  stat("/tmp/par-617061636865/cache-12be90475e491aee5ef41af4e17e373b37359d1d/xx.pl", {st_mode=S_IFREG|0750st_uid=48, st_gid=48, ...}) = 0
# ...and the already extracted custom perl interpreter has permission 750 apache:apache
1347  execve("/tmp/par-617061636865/cache-12be90475e491aee5ef41af4e17e373b37359d1d/xx.pl", ...) = -1 EACCESS
# strange!

The only possible explanation for EACCESS left is: the executable is on a filesystem mounted with noexec.

E.g., on my system (Debian) apache is controlled by systemd and apache.service has PrivateTmp=true. Check what /tmp is for the apache process and its offspring with cat /proc/<pid-of-apache-main-process>/mountinfo | grep /tmp.

leandrocombr commented 3 years ago

Do you have whatsapp or telegram?

my_trace shows

1347  execve("/var/www/html/xx.pl", ["/var/www/html/xx.pl"], ...) = 0
# CGI program starts executing...
...
1347  stat("/tmp/par-617061636865", {st_mode=S_IFDIR|0700, st_uid=48, st_gid=48, ...}) = 0
# PAR's per-user temp directory exists and has permission 0700 apache:apache
1347  getuid()                          = 48
# ...and it's running as apache
...
1347  mkdir("/tmp/par-617061636865/cache-12be90475e491aee5ef41af4e17e373b37359d1d", 0700) = -1 EEXIST
# the cache directory for xx.pl already exists (from a previous run)
1347  stat("/tmp/par-617061636865/cache-12be90475e491aee5ef41af4e17e373b37359d1d/xx.pl", {st_mode=S_IFREG|0750st_uid=48, st_gid=48, ...}) = 0
# ...and the already extracted custom perl interpreter has permission 750 apache:apache
1347  execve("/tmp/par-617061636865/cache-12be90475e491aee5ef41af4e17e373b37359d1d/xx.pl", ...) = -1 EACCESS
# strange!

The only possible explanation for EACCESS left is: the executable is on a filesystem mounted with noexec.

E.g., on my system (Debian) apache is controlled by systemd and apache.service has PrivateTmp=true. Check what /tmp is for the apache process and its offspring with cat /proc/<pid-of-apache-main-process>/mountinfo | grep /tmp.

Do you have whatsapp or telegram?

leandrocombr commented 3 years ago 
chmod 0700 /tmp/par-617061636865/

chown apache:apache /tmp/par-617061636865/

I restarted the server with reboot, and the error persists!

[root@localhost tmp]# cat /proc/8689/mountinfo
130 129 253:0 / / rw,relatime shared:109 master:1 - ext4 /dev/mapper/centos-root rw,seclabel,data=ordered
131 130 0:5 / /dev rw,nosuid shared:110 master:2 - devtmpfs devtmpfs rw,seclabel,size=8040600k,nr_inodes=2010150,mode=755
132 131 0:19 / /dev/shm rw,nosuid,nodev shared:111 master:3 - tmpfs tmpfs rw,seclabel
133 131 0:12 / /dev/pts rw,nosuid,noexec,relatime shared:112 master:4 - devpts devpts rw,seclabel,gid=5,mode=620,ptmxmode=000
134 131 0:15 / /dev/mqueue rw,relatime shared:113 master:27 - mqueue mqueue rw,seclabel
135 131 0:38 / /dev/hugepages rw,relatime shared:114 master:28 - hugetlbfs hugetlbfs rw,seclabel
136 130 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:115 master:5 - proc proc rw
137 136 0:37 / /proc/sys/fs/binfmt_misc rw,relatime shared:116 master:25 - autofs systemd-1 rw,fd=27,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=10153
138 130 0:18 / /sys rw,nosuid,nodev,noexec,relatime shared:117 master:6 - sysfs sysfs rw,seclabel
139 138 0:17 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:118 master:7 - securityfs securityfs rw
140 138 0:21 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:119 master:8 - tmpfs tmpfs ro,seclabel,mode=755
141 140 0:22 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:120 master:9 - cgroup cgroup rw,seclabel,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
142 140 0:25 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:121 master:10 - cgroup cgroup rw,seclabel,memory
143 140 0:26 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:122 master:11 - cgroup cgroup rw,seclabel,cpuacct,cpu
144 140 0:27 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:123 master:12 - cgroup cgroup rw,seclabel,blkio
145 140 0:28 / /sys/fs/cgroup/net_cls,net_prio rw,nosuid,nodev,noexec,relatime shared:124 master:13 - cgroup cgroup rw,seclabel,net_prio,net_cls
146 140 0:29 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:125 master:14 - cgroup cgroup rw,seclabel,cpuset
147 140 0:30 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:126 master:15 - cgroup cgroup rw,seclabel,freezer
148 140 0:31 / /sys/fs/cgroup/pids rw,nosuid,nodev,noexec,relatime shared:127 master:16 - cgroup cgroup rw,seclabel,pids
149 140 0:32 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:128 master:17 - cgroup cgroup rw,seclabel,devices
150 140 0:33 / /sys/fs/cgroup/hugetlb rw,nosuid,nodev,noexec,relatime shared:129 master:18 - cgroup cgroup rw,seclabel,hugetlb
151 140 0:34 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime shared:130 master:19 - cgroup cgroup rw,seclabel,perf_event
152 138 0:23 / /sys/fs/pstore rw,nosuid,nodev,noexec,relatime shared:131 master:20 - pstore pstore rw
153 138 0:24 / /sys/firmware/efi/efivars rw,nosuid,nodev,noexec,relatime shared:132 master:21 - efivarfs efivarfs rw
154 138 0:35 / /sys/kernel/config rw,relatime shared:133 master:22 - configfs configfs rw
155 138 0:16 / /sys/fs/selinux rw,relatime shared:134 master:23 - selinuxfs selinuxfs rw
156 138 0:6 / /sys/kernel/debug rw,relatime shared:135 master:26 - debugfs debugfs rw
157 130 0:20 / /run rw,nosuid,nodev shared:136 master:24 - tmpfs tmpfs rw,seclabel,mode=755
158 157 0:39 / /run/user/0 rw,nosuid,nodev,relatime shared:137 master:105 - tmpfs tmpfs rw,seclabel,size=1610548k,mode=700
159 130 8:2 / /boot rw,relatime shared:138 master:29 - xfs /dev/sda2 rw,seclabel,attr2,inode64,noquota
160 159 8:1 / /boot/efi rw,relatime shared:139 master:30 - vfat /dev/sda1 rw,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=winnt,errors=remount-ro
161 130 253:2 / /var rw,relatime shared:140 master:31 - ext4 /dev/mapper/centos-var rw,seclabel,data=ordered
162 130 253:0 /tmp/systemd-private-6167da197e0f43bd80d040489ab8f080-httpd.service-VQFAAB/tmp /tmp rw,relatime shared:142 master:1 - ext4 /dev/mapper/centos-root rw,seclabel,data=ordered
163 161 253:2 /tmp/systemd-private-6167da197e0f43bd80d040489ab8f080-httpd.service-8YUmJB/tmp /var/tmp rw,relatime shared:141 master:31 - ext4 /dev/mapper/centos-var rw,seclabel,data=ordered
165 137 0:40 / /proc/sys/fs/binfmt_misc rw,relatime shared:144 master:143 - binfmt_misc binfmt_misc rw
[root@localhost tmp]# cat /usr/lib/systemd/system/httpd.service
# See httpd.service(8) for more information on using the httpd service.

# Modifying this file in-place is not recommended, because changes
# will be overwritten during package upgrades.  To customize the
# behaviour, run "systemctl edit httpd" to create an override unit.

# For example, to pass additional options (such as -D definitions) to
# the httpd binary at startup, create an override unit (as is done by
# systemctl edit) and enter the following:

#       [Service]
#       Environment=OPTIONS=-DMY_DEFINE

[Unit]
Description=The Apache HTTP Server
Wants=httpd-init.service
After=network.target remote-fs.target nss-lookup.target httpd-init.service
Documentation=man:httpd.service(8)

[Service]
Type=notify
Environment=LANG=C

ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
# Send SIGWINCH for graceful stop
KillSignal=SIGWINCH
KillMode=mixed
PrivateTmp=true

[Install]
WantedBy=multi-user.target
rschupp commented 3 years ago 
chmod 0700 /tmp/par-617061636865/
chown apache:apache /tmp/par-617061636865/

I restarted the server with reboot, and the error persists!

That is the global /tmp and has no effect on private /tmp's created by systemd.

OK, so httpd.service has PrivateTmp=true and 

130 129 253:0 / / rw,relatime shared:109 master:1 - ext4 /dev/mapper/centos-root rw,seclabel,data=ordered
161 130 253:2 / /var rw,relatime shared:140 master:31 - ext4 /dev/mapper/centos-var rw,seclabel,data=ordered
162 130 253:0 /tmp/systemd-private-6167da197e0f43bd80d040489ab8f080-httpd.service-VQFAAB/tmp /tmp rw,relatime shared:142 master:1 - ext4 /dev/mapper/centos-root rw,seclabel,data=ordered
163 161 253:2 /tmp/systemd-private-6167da197e0f43bd80d040489ab8f080-httpd.service-8YUmJB/tmp /var/tmp rw,relatime shared:141 master:31 - ext4 /dev/mapper/centos-var rw,seclabel,data=ordered

shows that the apache service indeed has its own /tmp (and /var/tmp), but they're not mounted noexec, but with seclabel...

Is selinux enabled on this machine? Maybe EACCESS is caused by some selinux policy, check your logs. E.g. the selinux refpolicy has this tunable:

## <desc>
##  <p>
##  Determine whether httpd can execute
##  its temporary content.
##  </p>
## </desc>
gen_tunable(httpd_tmp_exec, false)