sankarNarayanan / modwsgi

Automatically exported from code.google.com/p/modwsgi
0 stars 0 forks source link

WSGISocketPrefix doesn't work correctly #291

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Please upvote my first ever note on stackexchange (:

http://serverfault.com/questions/322131/wsgi-says-permissions-denied-on-my-ubunt
u-server-no-wsgisocketprefix-setting/478973#478973

By default wsgi puts socket in /etc/httpd/logs so we put in a WSGISocketPrefix 
to move to another location (this much is documented). The problem trying to 
specify a WSGISocketPrefix like /var/run/wsgi it still doesn't work! Why? 
Because it appends to /etc/httpd whatever you put there. So if I want my socket 
in /var/run/wsgi, I have to set prefix to ../../var/run/wsgi.

This is in mod_wsgi 3.2 installed via centos yum.

Original issue reported on code.google.com by jime...@gmail.com on 14 Feb 2013 at 8:07

GoogleCodeExporter commented 8 years ago
Please provide details on what version of Apache you are using and what version 
of the Apache runtime library it is linked with. This has not caused problems 
in the past.

The code from APR routine used is:

    if (addpath[0] == '/') {
        /* If addpath is rooted, then rootpath is unused.
         * Ths violates any APR_FILEPATH_SECUREROOTTEST and
         * APR_FILEPATH_NOTABSOLUTE flags specified.
         */
        if (flags & APR_FILEPATH_SECUREROOTTEST)
            return APR_EABOVEROOT;
        if (flags & APR_FILEPATH_NOTABSOLUTE)
            return APR_EABSOLUTE;

        /* If APR_FILEPATH_NOTABOVEROOT wasn't specified,
         * we won't test the root again, it's ignored.
         * Waste no CPU retrieving the working path.
         */
        if (!rootpath && !(flags & APR_FILEPATH_NOTABOVEROOT))
            rootpath = "";
    }

Thus, if addpath starts with '/' as it would if supplied /some/path, then it 
should ignore the root path and return that addpath instead. Thus it should not 
simply be getting joined to ServerRoot.

Whether this occurs can be changed though based on what arguments are passed in 
which control this.

Looks like Apache has been changed, with it possibly being changed by the Linux 
distribution, who are often quite overly paranoid and make changes they think 
makes things more secure.

BTW, please do not use StackOverflow sites. If you have an issue you should 
have brought it up on the mod_wsgi mailing list first. Read:

http://code.google.com/p/modwsgi/wiki/WhereToGetHelp?tm=6#Asking_Your_Questions

Original comment by Graham.Dumpleton@gmail.com on 14 Feb 2013 at 10:41

GoogleCodeExporter commented 8 years ago
Installed Packages
Name        : httpd
Arch        : x86_64
Version     : 2.2.15
Release     : 15.el6.centos.1
Size        : 2.9 M
Repo        : installed
From repo   : anaconda-CentOS-201207061011.x86_64
Summary     : Apache HTTP Server

Is this the information you need? I agree, from the code snippet it doesn't 
look like my analysis is correct.

Original comment by jime...@gmail.com on 2 Mar 2013 at 5:14

GoogleCodeExporter commented 8 years ago
Never seen this raised by anyone else. Going to assume that nothing needs to be 
done.

Original comment by Graham.Dumpleton@gmail.com on 12 Nov 2014 at 10:25