Re: Wrapped application directory oddity



In article <mMchi.2140$Od7.623@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
"Jeff Godfrey" <jeff_godfrey@xxxxxxxxx> wrote:

"Jeff Godfrey" <jeff_godfrey@xxxxxxxxx> wrote in message
news:6aXgi.1993$zA4.138@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi All,

I have a TclApp wrapped application running on a remote web server.

More details on this subject...

I just had someone with the proper authority run my test CGI
application on the server box from a command terminal. The
application just issues the appropriate HTTP header, then spits out
some relevant path info from [info nameofexecutable], [info script],
[pwd], and $starkit::topdir.

Interestingly, when run that way, the returned paths are all
legitimate. That is, they all begin with "D:/WebHosting/...". Now,
when the same wrapped application is run as a CGI program via a
web-browser, the return values of most of the above are botched.
Specifically:

[pwd] - still OK (returns "D:/WebHosting/...")
[info nameofexecutable], [info script], and [$starkit::topdir] are bad
(return "//?/D:WebHosting/...")

I assume the CGI environment is more restrictive than that of the
local command shell test, which must be lending itself to this
problem. Any ideas on what would cause the botched paths under CGI?


"//?/D:WebHosting/..."

http://machinename/D:WebHosting

My guess is it is the method the web server uses to spawn the subprocess.

Note that on Windows, creating a new process can actually have *two*
arguments that define what executable is run, and they are used in
different ways.

Google CreateProcess(), find it at MSDN, and read the sections on
lpApplicationName and lpCommandLine for more info.

--
MKS