[Mailman-Developers] Failed authentication

J C Lawrence claw@kanga.nu
Sun, 12 Mar 2000 09:50:13 -0800 

On Sun, 12 Mar 2000 00:19:18 -0800 
J C Lawrence <claw@kanga.nu> wrote:

> Findings: read_urlencoded never reads anything from stdin.  Zero.
> Zilch.  Nada.  There's nothing there.  The key edits:
...
> According to that Apache is sending all the right data, it just
> ain't getting there.  I've also upgraded libc6 recently (Debian
> system FWIW with packages libc6_2.1.3-[567]_i386.deb (notice regex
> range)).  I downgraded libc6 to the package versions (5 and 6)
> that were installed when it did work to no effect.  I also rebuilt
> the Mailman C based CGI programs under the installed version of
> libc6, and copied them over (in case something odd was going on)
> to no observed effect.

I changed cgi-wrapper.c to read:

#include <stdio.h>
#include "common.h"

/* passed in by configure */
#define SCRIPTNAME  SCRIPT
#define LOG_IDENT   "Mailman cgi-wrapper (" ## SCRIPT ## ")"

/* GID that CGI scripts run as.  See your Web server's documentation. */
#define LEGAL_PARENT_GID CGI_GID

const char* logident = LOG_IDENT;
char* script = SCRIPTNAME;
const int parentgid = LEGAL_PARENT_GID;


int
main(int argc, char** argv, char** env)
{
        int status;
        char* fake_argv[3];
   char ac[31];            /* !!!!!!!!!!!edited!!!!!!!!!!!!! */
   memset (ac, 0, 31);     /* !!!!!!!!!!!edited!!!!!!!!!!!!! */

        running_as_cgi = 1;
        if (getgid()>=100 && getgid()!=65534) check_caller(logident, parentgid)$

        /* for these CGI programs, we can ignore argc and argv since they
         * don't contain anything useful.  `script' will always be the driver
         * program and argv will always just contain the name of the real
         * script for the driver to import and execute (padded with two dummy
         * values in argv[0] and argv[1] that are ignored by run_script().
         */
        fake_argv[0] = NULL;
        fake_argv[1] = NULL;
        fake_argv[2] = script;

   fread (ac, 1, 30, stdin);           /* !!!!!!!!!!!!edited!!!!!!!!!!!! */
   fprintf (stderr, "---[%s]---",ac);  /* !!!!!!!!!!!!edited!!!!!!!!!!!! */
        status = run_script("driver", 3, fake_argv, env);
        fatal(logident, status, "%s", strerror(errno));
        return status;
}

The ~mailman/cgi-bin/admin is not getting anything on stdin.  Not
good.

-- 
J C Lawrence                                 Home: claw@kanga.nu
----------(*)                              Other: coder@kanga.nu
--=| A man is as sane as he is dangerous to his environment |=--