Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add `-p path` option to restrict scripts | Peter Wu | 2013-04-13 | 1 | -2/+27 |
| | | | | | | | | | | | | | If the purpose of fcgiwrap is to wrap cgit, then I want to be sure that no other program can be executed under the privileges of the fcgiwrap user. When the option `-p path` is given, only the programs specified by `path` are allowed to execute (multiple occurrences of `-p` are merged to form a list of allowed programs). Note that this value will be matched literally, no attempt is done to canonicalize the path. This also implies that glob patterns or directories will never match. | ||||
* | Bump version number | Grzegorz Nosek | 2013-02-03 | 1 | -1/+1 |
| | |||||
* | Add help for -f option | Grzegorz Nosek | 2013-02-03 | 1 | -0/+1 |
| | |||||
* | Close FCGI socket before executing script | Grzegorz Nosek | 2013-02-03 | 1 | -0/+2 |
| | | | | | We do it in a rather violent way to avoid FCGI shutdown (the parent must keep the socket alive and working) | ||||
* | Unify CGI error handling | Grzegorz Nosek | 2013-02-03 | 1 | -7/+7 |
| | | | | | | | | | | | | Use the same error handler for 403s and 502s. This basically ports the required fixes from error_403 (previous commit) to the 502 error on failed exec(). Two user-visible side effects: - error message now says "403 Forbidden" instead of "403" - failed exec() gets logged over stderr (also, use \r\n instead of \n as a line seprator but that has been fixed up by the parent process before). | ||||
* | Fix 403 error handling | Grzegorz Nosek | 2013-02-03 | 1 | -19/+21 |
| | | | | | | | | | Report 403 errors over normal stdout/stderr (after setting up the pipes). Properly reporting the error response over stdout requires: - flushing the I/O, which would otherwise get buffered - skipping atexit handlers (would otherwise close the FCGI connection cleanly, interfering with the parent process still trying to talk over it) | ||||
* | Check file permissions even when we get full path over FastCGI | Grzegorz Nosek | 2013-02-03 | 1 | -0/+2 |
| | | | | | It's not a security issue (executing the file would fail, anyway) but it's a sensible sanity check. | ||||
* | Cleanup -Wmissing-prototypes compiler warnings | Dave Reisner | 2012-08-19 | 1 | -5/+5 |
| | |||||
* | Add support for socket activation via systemd | Dave Reisner | 2012-08-19 | 1 | -0/+12 |
| | | | | | | This prevents the need for starting fcgiwrap explicitly, or using a tool such as spawn-fcgi. The type of socket does not matter, we merely accept a single FD passed from pid 1 and listen on it. | ||||
* | split listen() logic into separate function | Dave Reisner | 2012-08-19 | 1 | -18/+24 |
| | |||||
* | Create -f option to allow sending stderr to fcgi logs | Joseph Gooch | 2011-12-08 | 1 | -2/+10 |
| | |||||
* | fixing compilation under FreeBSD | Quentin Stievenart | 2010-08-16 | 1 | -0/+1 |
| | |||||
* | Add `-s' option to enable binding by fcgiwrap itself | Grzegorz Nosek | 2010-06-03 | 1 | -2/+123 |
| | | | | This should ease testing and deployment in simpler cases | ||||
* | Use SCRIPT_FILENAME environment variable when available | Grzegorz Nosek | 2010-06-03 | 1 | -1/+5 |
| | | | | | | If present, it overrides DOCUMENT_ROOT and SCRIPT_NAME and prevents mangling of PATH_INFO. Should allow cleaner configs when script names don't come from request URIs directly. | ||||
* | adjusted option _-c_ help text | W-Mark Kubacki | 2010-05-25 | 1 | -1/+1 |
| | |||||
* | fcgiwrap to rely on definitions provided by autoconf/autoreconf | W-Mark Kubacki | 2010-05-25 | 1 | -4/+4 |
| | |||||
* | nitpicks as described in today's email to Mark | Jordi Mallach | 2010-05-25 | 1 | -4/+4 |
| | | | | Signed-off-by: W-Mark Kubacki <wmark@hurrikane.de> | ||||
* | help screen, along with version set to 1.0 | W-Mark Kubacki | 2010-03-22 | 1 | -1/+13 |
| | |||||
* | Compile fixes for OpenBSD | Grzegorz Nosek | 2009-07-17 | 1 | -2/+3 |
| | | | | Thanks to Toni Mueller, original author of the patch | ||||
* | Officially release fcgiwrap under the MIT licence | Grzegorz Nosek | 2009-03-17 | 1 | -0/+25 |
| | |||||
* | Close child's pipe ends after dup2()ing them to the right places | Grzegorz Nosek | 2009-03-17 | 1 | -0/+4 |
| | | | | Thanks to Fenixk19 for the report and patch. | ||||
* | Better diagnostics for 403 errors | Grzegorz Nosek | 2009-02-28 | 1 | -12/+19 |
| | | | | Passed via FastCGI stderr, so should end up in webserver's error log | ||||
* | Simple prefork support | Grzegorz Nosek | 2009-02-28 | 1 | -2/+81 |
| | | | | (start as fcgiwrap -c <num-children>, with a suitable socket on FD 0) | ||||
* | Don't eat characters after final CR/LF | Grzegorz Nosek | 2008-12-03 | 1 | -2/+2 |
| | |||||
* | Restore default SIGCHLD handler (also SIGPIPE for completeness) | Grzegorz Nosek | 2008-06-10 | 1 | -0/+2 |
| | |||||
* | Keep passing data from CGI to FastCGI even after a descriptor closes early | Grzegorz Nosek | 2008-06-10 | 1 | -1/+1 |
| | |||||
* | Fix CR/LF mangling to skip response body | Grzegorz Nosek | 2008-05-05 | 1 | -0/+5 |
| | |||||
* | Split out passing the request to a separate function | Grzegorz Nosek | 2008-05-05 | 1 | -6/+17 |
| | |||||
* | Fix off-by-one while walking the buffer | Grzegorz Nosek | 2008-03-22 | 1 | -1/+1 |
| | |||||
* | Use a much prettier state machine | Grzegorz Nosek | 2008-03-22 | 1 | -53/+71 |
| | |||||
* | Implement a simple state machine to fixup CGI reply line endings | Grzegorz Nosek | 2008-03-22 | 1 | -8/+88 |
| | |||||
* | Inherit environment from parent in CGI processes | Grzegorz Nosek | 2008-03-22 | 1 | -0/+68 |
| | |||||
* | Fix classic off-by-one in select() call | Grzegorz Nosek | 2008-03-16 | 1 | -1/+1 |
| | |||||
* | Send CGI stderr to real stderr, not to fastcgi stream | Grzegorz Nosek | 2008-03-16 | 1 | -2/+20 |
| | |||||
* | Use INT_MIN instead of -1 as sentinel in max_va() | Grzegorz Nosek | 2008-03-16 | 1 | -2/+5 |
| | |||||
* | Chdir to script's directory before exec (per CGI spec) | Grzegorz Nosek | 2008-03-16 | 1 | -0/+15 |
| | |||||
* | Mostly rewritten for robustness and prettier code | Grzegorz Nosek | 2007-09-30 | 1 | -44/+159 |
| | |||||
* | Improved CGI permission logic | Grzegorz Nosek | 2007-03-10 | 1 | -9/+37 |
| | | | | Symlinks are now allowed if owner matches | ||||
* | Initial commit | Grzegorz Nosek | 2007-03-10 | 1 | -0/+170 |