http://qs321.pair.com?node_id=172499

Foncé has asked for the wisdom of the Perl Monks concerning the following question:

Alright, so I'm new at this...I've only been *attempting* to write Perl for a few months now, and I've run into my first serious block. I'm one of those people whose job involves doing pretty much everything computer for a small company, so they expect me to know everything, too. Here's the problem:

I'm trying to install a relatively simple email Perl/CGI app (which I did not write, as mine didn't work at all) on an Apache webserver, nothing out of the ordinary, but I keep getting 500 server errors (almost that many, too). I've checked and checked and messed and messed, and I am at a loss. Here's what the log says:
/usr/bin/perl: error in loading shared libraries: /usr/lib/libdb.so.2. +0.0: undefined symbol: _xstat [Sat Mar 30 01:17:33 2002] [error] [client 208.235.34.155] Premature e +nd of script headers: /www/cgi-bin/amail/scripts/amail.cgi [Sat Mar 30 02:14:15 2002]
I get this every time I try to login. Some of the programme works, some doesn't. So...here's a link to the source code, zipped, of course, and...this is my cry for help. I'm hoping this will improve my overall Perl 'prowess'. Thanks in advance for correcting my insolence. No, really, thanks.

Hey, feel free to email me if you'd like. webmaster_at_isotopelounge.com

Edited by mirod 2002-06-07: changed the title and munged the contact email, as requested by the author.

Foncé

Replies are listed 'Best First'.
Re: The Man Who Knew Too Little
by cjf (Parson) on Jun 07, 2002 at 12:34 UTC

    Don't use those scripts, take them offline now. Yes right now.

    They have many major security vulnerabilities including using unchecked parameters as the path to open files. Please read Essential CGI Security Practices and make sure you understand all the points before placing a script online.

      Hmm...okay then. Will do.

      In the meantime...aside from writing my own script, which is just not that good of an idea (yet) since I know so little, do you have any suggestions of a secure programme to use?

        A start would be looking at the NMS scripts. They won't replace it but will give you a few parts (such as a good formmail script) that could help.

Re: The Man Who Knew Too Little
by hacker (Priest) on Jun 07, 2002 at 12:43 UTC
    It sounds like your perl was incorrectly built, or you have an issue with libdb. I'd start by reinstalling libdb.

    Is this a Redhat system?

    What does ldconfig -v | grep db show?

      Yes, it's a RedHat system. Unfortunately, my company is cheap and they have yet to give me my own webserver. So...I don't have shell access.
        As mentioned, the scripts I was working with are very much not secure, so I won't use them.
Re: Apache/CGI config and shared library problem (xstat?) ( was: The Man Who Knew Too Little)
by perigeeV (Hermit) on Jun 07, 2002 at 15:37 UTC

    I doubt this problem is within your control. Based on your above reply I assume you're using a hosting company. I am speculating, but it's possible that you are being run within a chroot jail, and the admins have not properly populated the tree with needed libs. Another possibilty is they have moved the perl binary onto an upgraded system without rebuilding perl. Anyone remember the libc6/glibc2 problem on RedHat?

    Whatever the case, you need to talk to support.


      Alright. I've had problems with libraries and modules before and had to force (and I do mean force) them to reinstall perl and everything associated. So, I'll ask them what gives as suggested.