httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "t-systems-fitz" <t-systems-f...@web.de>
Subject RE: [users@httpd] apache with my own libraries
Date Fri, 16 May 2003 13:24:25 GMT
Hello,

for crle can only be used by root, but I have no root rigths.

best regards fitz

----- Original Message ----- 
From: "t-systems-fitz" <t-systems-fitz@web.de>
To: <users@httpd.apache.org>
Sent: Friday, May 16, 2003 3:14 PM
Subject: RE: [users@httpd] apache with my own libraries


> Hello,
>
> setting LD_LIBRARY_PATH doesn't work for my environment, because httpsd
> would be started by users with setting the suid-bit (chown root:usergroup
> httpsd, chmod u+s httpsd). So if the users sets LD_LIBRARY_PATH to the
right
> location, httpsd didn't start, becuase it starts as root.
> But I will give a try to crle.
>
> best regards fitz
>
>
> -----Original Message-----
> From: Broekman, Maarten [mailto:Maarten.Broekman@FMR.COM]
> Sent: Friday, May 16, 2003 3:08 PM
> To: 'users@httpd.apache.org'
> Subject: RE: [users@httpd] apache with my own libraries
>
> Have you tried setting the LD_LIBRARY_PATH in apachectl? That would be the
> place I'd put it if I didn't want to require other people to have it set
> individually. Mind you, this won't prevent library hijacking. Anyone can
> use the LD_LIBRARY_PATH environment variable to change the search path for
> libraries.
> An alternate choice would be to use crle to update the library search
path.
> Example from the man page for crle:
> Example 1: Update (and display) of a new default search path
> for ELF objects
> example% crle -u -l /local/lib
> example% crle
> Configuration file [2]: /var/ld/ld.config
> Default Library Path (ELF): /usr/lib:/local/lib
> Trusted Directories (ELF): /usr/lib/secure (system default)
> Command line:
> crle -l /usr/lib:/local/lib
> example% crle -u -l /usr/local/lib
> example% crle
> Configuration file [2]: /var/ld/ld.config
> Default Library Path (ELF): /usr/lib:/local/lib:/usr/local/lib
> Trusted Directories (ELF): /usr/lib/secure (system default)
> Command line:
> crle -l /usr/lib:/local/lib:/usr/local/lib
> In this example, the default configuration file initially
> did not exist, and thus the new search path /local/lib is
> appended to the system default. The next update appends the
> search path /usr/local/lib to those already established in
> the configuration file.
>
> regards,
> maarten
> -----Original Message-----
> From: t-systems-fitz [mailto:t-systems-fitz@web.de]
> Sent: Friday, May 16, 2003 8:54 AM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] apache with my own libraries
>
> Hello,
> this is exactly, what I did with LDFLAGS=-R/opt/apache/lib ./configure
> ....But I also tried LD_RUN_PATH=/opt/apache/lib.
> After compiling the same result, ldd shows the libraries, but by starting
> httpsd same error in loading shared library.
> btw: gcc version 2.95.3 20010315 (release)
> best regards fitz
>
> -----Original Message-----
> From: Boyle Owen [mailto:Owen.Boyle@swx.com]
> Sent: Friday, May 16, 2003 2:36 PM
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] apache with my own libraries
> >-----Original Message-----
> >From: t-systems-fitz [mailto:t-systems-fitz@web.de]
> >
> >I can't use the LD_LIBRARY_PATH because the httpsd starts with
> >suid.
> An alternative to LD_LIBRARY_PATH, is to use LD_RUN_PATH. If this is set
> at compile time, this path will be built into the binary. The advantage
> is that you don't need LD_LIBRARY_PATH any more, the disadvatage is that
> the binary is less portable - it won't run on a machine with the libs in
> a different place (this was the point of LD_LIBRARY_PATH in the first
> place).
> Some people have a strong aversion to LD_LIBRARY_PATH -
> http://www.visi.com/~barr/ldpath.html
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored.
> >In my
> >environment the webadmins should be able to start the httpsd.
> >So we use the
> >suid-Bit (apache listens to a priviliged port). But if the
> >webadmins sets
> >LD_LIBRARY_PATH to the right path and starts httpsd, it
> >doesn't work. It
> >seems that the path-infos are not used by httpsd, because it
> >starts with
> >rootrights. I think this is normal, otherwise any user could change the
> >LD_LIBRARY_PATH to his own libraries and this would have
> >securityproblems.
> >Do you have a solution for my problem???
> >
> >best regards fitz
> >
> >
> >-----Original Message-----
> >From: Broekman, Maarten [mailto:Maarten.Broekman@FMR.COM]
> >Sent: Friday, May 16, 2003 1:36 PM
> >To: 'users@httpd.apache.org'
> >Subject: RE: [users@httpd] apache with my own libraries
> >
> >Why don't you want to set your LD_LIBRARY_PATH? That's the
> >standard why of
> >including new library paths. Since /opt/apache/lib is not defined as a
> >standard path, you need to make sure to set it for all
> >applications that
> >need to access the libraries there. There's no way to get any
> >application
> >to use a non-standard library path without including it in the
> >LD_LIBRARY_PATH.
> >Apache is currently compiled with the libraries in /opt/apache/lib. The
> >problem is that when you start Apache, it doesn't know how to
> >find those
> >libraries. It just knows it wants libssl.so.0.9.7 but it can't
> >find it in
> >it's library path. ldd will show you which library was used to
> >compile the
> >binary. You need to make sure all the paths to the libraries used are a
> >part of your library path in order for the binary to work
> >after compilation.
> >regards,
> >maarten
> >-----Original Message-----
> >From: t-systems-fitz [mailto:t-systems-fitz@web.de]
> >Sent: Friday, May 16, 2003 7:27 AM
> >To: users@httpd.apache.org
> >Subject: [users@httpd] apache with my own libraries
> >
> >Hello,
> >I have problems with running apache with ssl on a solaris 2.8
> >box. I use
> >apache 1.3.27, apache-ssl 1.48 and openssl 0.9.7. I absolute
> >don't want to
> >use the ssl-libraries of the system (openssl 0.9.6), so I
> >compiled openssl
> >0.9.7 with option shared and installed the libraries under
> >/opt/apache/lib.
> >Now I configure apache-ssl like that:
> >LDFLAGS=-R/opt/apache/lib
> >./configure --prefix=/opt/apache --enable-module=proxy
> >--enable-module=so --
> >enable-rule=SHARED_CORE
> >Unfortunately so so compiled httpsd doesn't start:
> >ld.so.1: /opt/apache/bin/httpsd: fatal: libssl.so.0.9.7: open
> >failed: No
> >such file or directory
> >But if I use ldd I can see:
> >ldd /opt/apache/bin/httpsd
> >libsocket.so.1 => /usr/lib/libsocket.so.1
> >libnsl.so.1 => /usr/lib/libnsl.so.1
> >libpthread.so.1 => /usr/lib/libpthread.so.1
> >libdl.so.1 => /usr/lib/libdl.so.1
> >libssl.so.0.9.7 => /opt/apache/lib/libssl.so.0.9.7
> >libcrypto.so.0.9.7 => /opt/apache/lib/libcrypto.so.0.9.7
> >libc.so.1 => /usr/lib/libc.so.1
> >libmp.so.2 => /usr/lib/libmp.so.2
> >libthread.so.1 => /usr/lib/libthread.so.1
> >/usr/platform/SUNW,Sun-Fire-480R/lib/libc_psr.so.1
> >so ldd knows the corret path of my ss-libraries.
> >I don't want to set the LD_LIBRARY_PATH (this would work) and
> >I don't want
> >to use and update the system-libraries (no root rights).
> >How can I compile apache that it uses my own libraries in
> >/opt/apache/lib
> >????
> >best regards fitz
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP
> >Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >" from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP
> >Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >" from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >---------------------------------------------------------------------
> >The official User-To-User support forum of the Apache HTTP
> >Server Project.
> >See <URL:http://httpd.apache.org/userslist.html> for more info.
> >To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > " from the digest: users-digest-unsubscribe@httpd.apache.org
> >For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> Diese E-mail ist eine private und persönliche Kommunikation. Sie hat
> keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Swiss Exchange.
> This e-mail is of a private and personal nature. It is not related to
> the exchange or business activities of the SWX Swiss Exchange. Le
> présent e-mail est un message privé et personnel, sans rapport avec
> l'activité boursière de la SWX Swiss Exchange
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please notify the sender urgently
> and then immediately delete the message and any copies of it from your
> system. Please also immediately destroy any hardcopies of the message.
> You must not, directly or indirectly, use, disclose, distribute, print,
> or copy any part of this message if you are not the intended recipient.
> The sender's company reserves the right to monitor all e-mail
> communications through their networks. Any views expressed in this
> message are those of the individual sender, except where the message
> states otherwise and the sender is authorised to state them to be the
> views of the sender's company.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message