| Commit message | Author | Age | Files | Lines |
With warnings and pedantic mode enabled, `gcc (GCC) 13.2.1` returns
an implicit fall through warning. This can be fixed by annotating
the error function with NORETURN.
|
Fixes: https://github.com/gnosek/fcgiwrap/pull/21
|
chdir to directory which holds scripts doesn't work well with some CGIs.
Let the FastCGI invoker provide `FCGI_CHDIR` which can be `-` to inhibit
chdir, or another place to chdir to.
|
While this generally is the right thing to do, we don't clean up
the rest of the memory (we're exiting in a moment, anyway)
and conditionally freeing a single variable seems wrong.
|
We either have a proper descriptor (>0) or an error (<0)
so we don't strictly need the fd_out parameter
|
Fixes: https://github.com/gnosek/fcgiwrap/pull/26
|
If unix socket is not cleaned up, we will fail to bind on it the next
startup round (Address already in use).
|
Added pkg-config to the requirements
|
prefork: Fix 100% CPU usage in parent process
|
When a child process is terminated, the parent calls waitpid() to check
for dead children. This returns -1 on error (e.g. there are no other
children or a signal interrupted waitpid()), the pid (> 0) for dead
children OR 0 if there are some children which are still alive.
Fixes gnosek/fcgiwrap#18.
|
Add `-p path` option to restrict scripts
|
If the purpose of fcgiwrap is to wrap cgit, then I want to be sure that no other
program can be executed under the privileges of the fcgiwrap user.
When the option `-p path` is given, only the programs specified by `path` are
allowed to execute (multiple occurrences of `-p` are merged to form a list of
allowed programs).
Note that this value will be matched literally, no attempt is made to
canonicalize the path. This also implies that glob patterns or directories will
never match.
|
We do it in a rather violent way to avoid FCGI shutdown (the parent
must keep the socket alive and working)
|
Use the same error handler for 403s and 502s. This basically ports
the required fixes from error_403 (previous commit) to the 502
error on failed exec(). Two user-visible side effects:
- error message now says "403 Forbidden" instead of "403"
- failed exec() gets logged over stderr
(also, use \r\n instead of \n as a line separator but that has been
fixed up by the parent process before).
|
Report 403 errors over normal stdout/stderr (after setting up the
pipes). Properly reporting the error response over stdout requires:
- flushing the I/O, which would otherwise get buffered
- skipping atexit handlers (would otherwise close the FCGI connection
cleanly, interfering with the parent process still trying to talk
over it)
|
It's not a security issue (executing the file would fail, anyway)
but it's a sensible sanity check.
|
Minor buildsys fixes
|
This was an unfortunate copypasta error that slipped in with 9836d6d22.
The HAVE_SYSTEMD macro should only be defined based on the presence of
the library, not the unit files, since the units are useless without the
library support.
|
This suppresses a warning on ./configure for a directory which fcgiwrap
does not use:
config.status: WARNING: 'Makefile.in' seems to ignore the --datarootdir
setting
|
Add flags and libraries to the respective environment vars and let make
figure out the order on its own. This provides support for unmentioned
vars such as LDFLAGS implicitly, as the compilation rule isn't
explicitly defined.
|
add systemd unit files for installation
|
These are automatically installed iff systemd support is compiled into
fcgiwrap.
|
systemd socket activation support
|
This prevents the need for starting fcgiwrap explicitly, or using a
tool such as spawn-fcgi. The type of socket does not matter, we merely
accept a single FD passed from pid 1 and listen on it.
|
STDERR redirection back through the FCGI socket
|
"-" must be escaped ("\-") to be interpreted as minus.
Signed-off-by: Jordi Mallach <jordi@debian.org>
|
This should ease testing and deployment in simpler cases
|
If present, it overrides DOCUMENT_ROOT and SCRIPT_NAME and prevents
mangling of PATH_INFO. Should allow cleaner configs when script names
don't come from request URIs directly.
|
He's been added to the contributors in README.rst.
|