DaemonForums  

  #1   (View Single Post)  
Old 5th November 2024
chigurh chigurh is offline
Port Guard
 
Join Date: Jul 2014
Posts: 41
Unable to execute php scripts from php pages on OpenBSD's httpd

On OpenBSD's httpd, I can't run PHP scripts directly within PHP files. Although I am able to execute those scripts using PHP's interactive shell, the script output is not shown on a webpage. Is there something I'm missing? I have analogous pages where I utilize JavaScript to run PHP scripts, however on one page I have to run either PHP or lua/luajit directly from PHP because of the big amount of JSON data and interactive element.

My httpd.conf :
Code:
chroot "/"
ext_ip="10.0.2.1"
server "tangent.localdomain" {
    listen on $ext_ip port 80
    listen on $ext_ip tls port 443
    tls {
        certificate "/etc/ssl/tangent.localdomain.crt"
        key "/etc/ssl/private/tangent.localdomain.key"
    }
    directory index "index.php"
    location "*.php" {
        fastcgi socket "/var/www/run/php-fpm.sock"
    }
    location "*.html" {
        fastcgi socket "/var/www/run/php-fpm.sock"
        root "/var/www/htdocs/tn"
    }
    location "/cgi-bin/*" {
        fastcgi socket "/var/www/run/slowcgi.sock"
    }
    log syslog
    root "/var/www/htdocs/tn/"
}
types {
    text/css                css
    text/html               html htm
    text/plain              txt
    image/gif               gif
    image/jpeg              jpeg jpg
    image/png               png
    image/svg+xml           svg svgz
    application/javascript  js
    application/xml         xml
    application/xhtml+xml   xhtml
}
My php code inside php webpage :
Code:
<div class="mb-2 w-full">
  <span class="text-xs text-gray-500 dark:text-gray-400 md:text-base block">
    <?php include('/var/www/htdocs/tn/assets/scripts/date.php'); ?>
  </span>
  <div class="text-gray-900 dark:text-white text-xs md:text-sm w-full p-2 bg-gray-100 dark:bg-gray-800 rounded-lg overflow-auto max-h-48 log-container">
    <p class="whitespace-pre-wrap break-words" id="log-content">
      <?php include('/var/www/htdocs/tn/assets/scripts/log.php'); ?>
    </p>
  </div>
</div>
Webpage syntax check :
Code:
[Tue Nov 05 03:17:45 root tangent ~]
# php -l /var/www/htdocs/tn/logtest.php    
No syntax errors detected in /var/www/htdocs/tn/logtest.php
Script execution in interactive php shell :
Code:
[Tue Nov 05 03:21:01 root tangent /var/www/htdocs/tn]
# php -a                        
Interactive shell

php > include 'assets/scripts/date.php';
11-05-2024 03:21:26
php >
The image of webpage that doesn't show the date
  #2   (View Single Post)  
Old 8th November 2024
chigurh chigurh is offline
Port Guard
 
Join Date: Jul 2014
Posts: 41

It began functioning automagically after a reboot.
  #3   (View Single Post)  
Old 8th November 2024
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,180

Code:
chroot "/"
Why do you set the chroot to "/"? That defeats a major security measure of httpd.
It is like having a seat belt in your car, but not using it!

The default is "/var/www" which limits access of a web hack/intrusion. An intruder will see "/var/www" as "/", which prevents him from messing around with the other parts/directories of your system.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
  #4   (View Single Post)  
Old 8th November 2024
chigurh chigurh is offline
Port Guard
 
Join Date: Jul 2014
Posts: 41

Quote:
Originally Posted by J65nko View Post
Code:
chroot "/"
Why do you set the chroot to "/"? That defeats a major security measure of httpd.
It is like having a seat belt in your car, but not using it!

The default is "/var/www" which limits access of a web hack/intrusion. An intruder will see "/var/www" as "/", which prevents him from messing around with the other parts/directories of your system.
The service runs on a LAN; it is not a public-facing infrastructure. I could chroot, but then I wouldn't be able to accomplish my objectives. Limiting it to /var/www would require shifting vital components inside /var/www, rendering it unusable.

On top of that, I've put in place additional safeguards that could potentially mitigate exploits. I have spare time till January 2025, therefore I decided to create a high-quality WebUI for my OpenBSD firewall and router.

Last edited by chigurh; 8th November 2024 at 05:39 AM. Reason: Additional information
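
An added example, not part of any post in this thread: a small Python check for the chroot point discussed above. It reads an httpd.conf, reports a disabled chroot, and shows how each `root` and `fastcgi socket` path would be written under the default "/var/www" chroot, where httpd.conf(5) treats those paths as relative to the chroot. The sample config is constructed from the directives posted above, and `audit` is a hypothetical helper name.

```python
import re
from pathlib import PurePosixPath

DEFAULT_CHROOT = "/var/www"  # httpd.conf(5) default when no chroot line is set

# Constructed sample: the path-bearing directives from the config posted above.
SAMPLE_CONF = '''
chroot "/"
server "tangent.localdomain" {
    location "*.php" {
        fastcgi socket "/var/www/run/php-fpm.sock"
    }
    location "/cgi-bin/*" {
        fastcgi socket "/var/www/run/slowcgi.sock"
    }
    root "/var/www/htdocs/tn/"
}
'''

DIRECTIVE = re.compile(r'^\s*(chroot|root|fastcgi\s+socket)\s+"([^"]+)"', re.M)

def audit(conf, target=DEFAULT_CHROOT):
    """Return (effective chroot, findings); audit() is a hypothetical helper."""
    chroot, paths = DEFAULT_CHROOT, []
    for key, value in DIRECTIVE.findall(conf):
        if key == "chroot":
            chroot = value
        else:
            paths.append((" ".join(key.split()), value))
    findings = []
    if PurePosixPath(chroot) == PurePosixPath("/"):
        findings.append(("chroot", chroot, "chroot disabled: httpd can reach the whole filesystem"))
    for key, value in paths:
        # Directive paths are relative to the chroot, so resolve to the on-disk path first.
        on_disk = PurePosixPath(chroot) / value.lstrip("/")
        try:
            inside = "/" + str(on_disk.relative_to(target))
            findings.append((key, value, f'inside {target}: write as "{inside}"'))
        except ValueError:
            findings.append((key, value, f"outside {target}: must move under it first"))
    return chroot, findings

if __name__ == "__main__":
    effective, results = audit(SAMPLE_CONF)
    print("effective chroot:", effective)
    for key, value, note in results:
        print(f"{key} {value!r}: {note}")
```

Paths reported as outside the target are the ones that would have to be relocated before the default chroot could be used.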