Fix “Can’t do setuid (cannot exec sperl)”

June 6th, 2011

I recently needed to run a perl script with setuid bit set. This allows the script to run as the user the script’s file is owned by. In this case, I needed the script to run as root.

Since doing this can be very dangerous, Perl does something very nice by default: If you have the setuid bit set on the script, it forces the script to run in Taint Mode which helps to ensure proper sanitation of the environment and inputs. By doing this, Perl can help lock down possible attack vectors that can compromise the security of your script. This isn’t perfect however, so I do recommend that you read up on Perl’s security measures.

So now down to the main point of this post. I tried to run the script with the setuid bit set, and I got the following error message:

[user@server ~]$ run-script

Can't do setuid (cannot exec sperl)

Well that certainly puts a damper on things. Fortunately, the solution is easy. There is simply an additional package that needs to be installed to provide the wrapper program that puts this Perl security in place.

For Debian (Ubuntu, Mint, etc as well), run the following:

[user@server ~]$ sudo apt-get install perl-suid

For CentOS, run the following:

[user@server ~]$ sudo yum install perl-suidperl
Categories Linux, Tips 'n Tricks
Comments (1)

Fix aMember “MYSQL ERROR: MySQL server has gone away in query: INSERT INTO amember_access_log”

January 21st, 2011

I recently encountered a very frustrating problem with aMember (as if I haven’t encountered enough annoying problems with it already).

A customer said that they couldn’t log in. Each time they tried to log in, they would get the following error message in their browser:

MYSQL ERROR:<br />MySQL server has gone away<br />in query:<br />INSERT INTO amember_access_log (member_id, remote_addr, url, referrer) VALUES (ID, 'IP_ADDRESS', '/member/member.php', 'URL')

After scratching my head a bit, I delved into the aMember code and found the problem in the plugins/db/mysql/mysql.inc.php file which is where the log_access and log_remote_access functions are located. Both of these functions make use of the gethostbyaddr PHP function. While this is a handy function, it should never be used in time-sensitive code (such as code that is run as part of a website; such as exactly how aMember uses this function).

The reason is that this function provides no reasonable timeout control, so if the function takes forever to return something, your code has halted until it finishes. In this instance, the visitor had a remote IP that just could not be reversed. This caused the gethostbyaddr function to halt the aMember code for 20 seconds until it finally failed and returned the original IP address. While waiting for this function to return, the MySQL server naturally got tired of waiting and did other things, so when the code finally tried to keep running, everything quickly fell apart.

So ends the theory, time for a fix.

The lines of code that have the gethostbyaddr calls aren’t necessary by any means, so they can be commented out completely. The lines to be commented out are 1605, 1606, 1617, and 1618. Such as the following:

1605 and 1606:

//        if (preg_match('/proxy\.aol\.com$/', gethostbyaddr($REMOTE_ADDR)))
//            return;

1617 and 1618:

//        if (preg_match('/proxy\.aol\.com$/', gethostbyaddr($ip)))
//            return;

I would show more code to give better context, but since aMember has a proprietary license, I won’t.

Note that there are more instances of gethostbyaddr in aMember. The aMember devs are kind enough to put the other gethostbyaddr calls in the PaySbuy, NETbilling, ccbill, and WorldPay payment processing plugins. No worries, this problem can only be found in the payment processing code, what could possibly go wrong?

The specific files that have these calls are:

  • plugins/payment/paysbuy/ipn.php
  • plugins/payment/netbilling_cc/netbilling_cc.inc.php
  • plugins/payment/ccbill/ipn.php
  • plugins/payment/worldpay/ipn.php
Categories Tips 'n Tricks
Comments (0)

Links to Named Anchors or Element IDs Fail in Internet Explorer 8

October 20th, 2010

I recently ran into an interesting situation where clicking a link to a named anchor (a link such as “#top” linking to “<a name="top">” or “<div id="top">“) failed in Internet Explorer 8. Strangely, it worked properly in every other browser I tested (Firefox, Chrome, Opera, and Safari) and it worked properly on other tested versions of IE (6,7, and 9). It was just Internet Explorer 8 that was broken.

I created a very simple example page that shows this bug. The important elements are the empty named A tag and the container with the “overflow:hidden” rule. The rest of the content and the width is simply to allow enough height to show the functionality or lack thereof of the link.

So the key elements of this bug are:

  1. An empty named A tag or any empty element with an ID. Adding text inside the element allows for the link to work properly.
  2. A container with “overflow:hidden” around the link, element that is linked to, or both. I tested removing either the link or the element linked to from the div in the example, and IE 8 still failed to allow the link to function in both cases.

Given that the “overflow: hidden” rule could be very important or useful for the design, the solution to this issue is very simple. Either you add text to the empty element or remove the empty element and add the removed name/id to an element that does have content. Since adding text is probably not what you want, simply moving the anchor point to another element will probably do what you want and have very little impact on the functionality.

For example, if you have the following:

<a name="purchase"></a>
<h3>Purchase</h3>

Change it to:

<h3 id="purchase">Purchase</h3>

It will do the same thing and avoid this annoying IE 8 issue.

For those interested, the filler content was generated with the great Gangsta Lorem Ipsum.

Categories Development
Comments (8)

Fix “WordPress database error Table … is marked as crashed and should be repaired”

August 30th, 2010

All the content on my site was gone. When I went to investigate, I found my error log was filled with the following error:

WordPress database error Table ‘./database_name/prefix_posts’ is marked as crashed and should be repaired for query SELECT YEAR(post_date) AS `year`, MONTH(post_date) AS `month`, count(ID) as posts FROM prefix_posts  WHERE post_type = ‘post’ AND post_status = ‘publish’ GROUP BY YEAR(post_date), MONTH(post_date) ORDER BY post_date DESC  made by require, require_once, include, do_action, call_user_func_array, flexx_after_content, get_sidebar, locate_template, load_template, require_once, dynamic_sidebar, call_user_func_array, WP_Widget->display_callback, WP_Widget_Archives->widget, wp_get_archives

A very scary looking error, but it was easy to fix.

My Preferred Repair Method

[user@server ~/public_html]$ mysql -u user -p

Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1120449
Server version: 5.1.48 MySQL Community Server (GPL)

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> connect database

Connection id:    1120477
Current database: database

mysql> select * from prefix_posts limit 1;

ERROR 2006 (HY000): MySQL server has gone away

No connection. Trying to reconnect...

Connection id:    1120568

Current database: database



ERROR 145 (HY000): Table './database/prefix_posts' is marked as crashed and should be repaired

mysql> repair table prefix_posts;

+-----------------------+--------+----------+----------+

| Table                 | Op     | Msg_type | Msg_text |

+-----------------------+--------+----------+----------+

| database.prefix_posts | repair | status   | OK       |

+-----------------------+--------+----------+----------+

1 row in set (3.56 sec)



mysql> select * from prefix_posts limit 1;

+----+-------------+---------------------+---------------------+--------------+------------+---------------+--------------+-------------+----------------+-------------+---------------+-----------+---------+--------+---------------------+---------------------+-----------------------+-------------+------------------------------------------------------------+------------+------------+----------------+---------------+

| ID | post_author | post_date           | post_date_gmt       | post_content | post_title | post_category | post_excerpt | post_status | comment_status | ping_status | post_password | post_name | to_ping | pinged | post_modified       | post_modified_gmt   | post_content_filtered | post_parent | guid                                                       | menu_order | post_type  | post_mime_type | comment_count |

+----+-------------+---------------------+---------------------+--------------+------------+---------------+--------------+-------------+----------------+-------------+---------------+-----------+---------+--------+---------------------+---------------------+-----------------------+-------------+------------------------------------------------------------+------------+------------+----------------+---------------+

| 12 |           8 | 2008-05-20 10:09:49 | 2008-05-20 15:09:49 |              | 308image1  |             0 |              | inherit     | open           | open        |               | 308image1 |         |        | 2008-05-20 10:09:49 | 2008-05-20 15:09:49 |                       |           0 | http://gaarai.com/wp-content/uploads/2008/05/308image1.gif |          0 | attachment | image/gif      |             0 |

+----+-------------+---------------------+---------------------+--------------+------------+---------------+--------------+-------------+----------------+-------------+---------------+-----------+---------+--------+---------------------+---------------------+-----------------------+-------------+------------------------------------------------------------+------------+------------+----------------+---------------+

1 row in set (0.00 sec)



mysql> exit

Bye

[user@server ~/public_html]$

For me, this was the easiest and quickest way to repair the table.

Repairing Tables with phpMyAdmin

For you, you might prefer to use phpMyAdmin. Fortunately, repairing a table with phpMyAdmin is easy.

  1. Log in to your phpMyAdmin or connect to it via your cPanel back-end.
  2. Select the database with the crashed table.
  3. Put a checkmark next to each crashed table.
  4. Select “Repair table” from the “With selected:” drop down at the bottom of the list.
  5. Let phpMyAdmin do its thing.
Categories Linux, Tips 'n Tricks, WordPress
Comments (2)

Fix PHP 4 “Client does not support authentication protocol requested by server”

May 25th, 2010

I’m working on building an ideal server setup that allows for both PHP 4 and PHP 5 on Apache with suPHP (I’ll blog about this later). While testing my PHP 4 build, I got the following error:

Warning: mysql_connect() [function.mysql-connect]: Client does not support authentication protocol requested by server; consider upgrading MySQL client in /var/www/test-php.php on line 3
Couldn’t authenticate with MySQL

The code I used to test this is quite simple:

<?php

if ( false === ( $db = mysql_connect( 'localhost', 'username', 'password' ) ) )
    die( "Couldn't authenticate with MySQL" );

if ( false === mysql_select_db( 'database' ) )
    die( "Couldn't connect to database" );

echo "Yay!";

?>

After digging around for a bit, I found that mixing PHP 4 with a MySQL version greater than or equal to 4.1 causes this problem. MySQL 4.1 introduced a new password caching scheme that PHP 4 can’t work with.

The solution is to update the database user’s password using the OLD_PASSWORD function of MySQL. For example:

[chris@office ~]$ mysql -u root -p mysql

Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 267
Server version: 5.1.41-3ubuntu12.1 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> update user set Password=OLD_PASSWORD('password') WHERE User='username';

Query OK, 0 rows affected (0.02 sec)

Rows matched: 0  Changed: 0  Warnings: 0



mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)



mysql>

Note the underlined areas. That is where you’ll want to provide your own username and password.

Once you’ve followed these steps, both PHP 4 and PHP 5 will be able to communite with the database.

Thanks to digitalpeer for providing the answer to my issue.

Categories Linux
Comments (2)

MySQL ERROR 1018: Unable to Follow Symlink in Ubuntu

May 21st, 2010

I recently had a issue getting MySQL to read a specific database. Each time I tried to manually query a table in the database, I received the following error message:

ERROR 1018 (HY000): Can't read dir of './default/' (errno: 13)

I’ve seen this message before as it means that there is a permissions issue. I checked the ownerships and permissions, and everything seemed to be in order.

The only thing special about this database is that I have it symlinked to another partition. This has always worked in the past, so I was stumped.

The problem turned out to be that Ubuntu has AppArmor. This software sets up rules that prevent software from gaining access to different areas of the file system. In my case, AppArmor was preventing read and write access to the actual location of my database files.

The solution was quite easy: First, I added the path that I wanted MySQL to have access to in the AppArmor configuration file for MySQL. Second, I restarted the apparmor service. Here’s the technical details:

  1. On my system, the configuration file that controls MySQL permissions through AppArmor are located at /etc/apparmor.d/usr.sbin.mysqld. The following shows the contents of the file as it now exists: 
    # vim:syntax=apparmor
# Last Modified: Tue Jun 19 17:37:30 2007
#include 

/usr/sbin/mysqld {
  #include
  #include
  #include
  #include
  #include 

  capability dac_override,
  capability sys_resource,
  capability setgid,
  capability setuid,

  network tcp,

  /etc/hosts.allow r,
  /etc/hosts.deny r,

  /etc/mysql/*.pem r,
  /etc/mysql/conf.d/ r,
  /etc/mysql/conf.d/* r,
  /etc/mysql/my.cnf r,
  /usr/sbin/mysqld mr,
  /usr/share/mysql/** r,
  /var/log/mysql.log rw,
  /var/log/mysql.err rw,
  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,
  /var/log/mysql/ r,
  /var/log/mysql/* rw,
  /var/run/mysqld/mysqld.pid w,
  /var/run/mysqld/mysqld.sock w,
  /home/sites/default/mysql/ rw,
  /home/sites/default/mysql/* rw,

  /sys/devices/system/cpu/ r,
}

    The two lines in bold show what I added to the configuation. The first line gives read and write access to the directory itself while the second gives read and write access to the files contained in the directory.

  2. After saving the configuration changes, I simply needed to restart the AppArmor daemon. I did this with the following command: 
    [chris@rommie ~]$ sudo service apparmor restart

 * Reloading AppArmor profiles
Skipping profile in /etc/apparmor.d/disable: usr.bin.firefox
Categories Development, Linux, Tips 'n Tricks
Comments (6)

ColorZilla, CSSViewer, and Live HTTP Headers: Updated for Firefox 3.6

January 27th, 2010

When newer versions of Firefox come out, there are always a few add-ons that fail to update quickly enough. After about a week of waiting, I’ve become tired of waiting for some of my add-ons to update themselves. These add-ons are ColorZilla (white reports 3.6.* compatibility, but it won’t install/update on 3.6), CSSViewer, and Live HTTP Headers.

Fortunately, updating is a simple matter. Just do the following:

  • Download the xpi file for the add-on
  • Open up the downloaded xpi file as a zip file
  • Open the install.rdf file inside the xpi file
  • Search for the targetApplication section with an id of {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
  • Change that section’s maxVersion to the version number to whatever Firefox version you want to be supported
  • Update the xpi file with the modified install.rdf file
  • Install the add-on by dragging the xpi file onto the Firefox window and clicking the Install button (this works for upgrades as well)

Here are the modified xpi files for each of the add-ons:

Note: All of these add-ons were updated to work with 3.6.*. Of course, they may not be compatible with future versions of 3.6, so use at your own risk.

Keep in mind that if you manually upgrade an older add-on, you do so at your own risk. I tested these add-ons, and they all work properly with 3.6.

Categories Tips 'n Tricks
Comments (2)

Upgrade to Firefox 3.6 on Ubuntu 9.10

January 21st, 2010

One of my all-time most popular posts was how to upgrade to Firefox 3.5 in Ubuntu 9.04. Now it’s Firefox 3.6′s turn to be installed on my system that is now running Ubuntu 9.10.

The team working on Firefox have put a ton of effort into this release and, in order to make our browsing lives safer and faster, rolled a number of features scheduled for 3.7 into this release. Thanks for all the hard work guys.

Read the 3.6 release announcement for details about what is new with this release.

So now onto the installation. Here are the commands that I ran in terminal to install 3.6.

[chris@rommie ~]$ cd /tmp/

[chris@rommie /tmp]$ wget "http://download.mozilla.org/?product=firefox-3.6&os=linux&lang=en-US"

--2010-01-21 11:41:08--  http://download.mozilla.org/?product=firefox-3.6&os=linux&lang=en-US
Resolving download.mozilla.org... 63.245.209.58
Connecting to download.mozilla.org|63.245.209.58|:80... connected.
...

100%[=============================>] 10,161,471   924K/s   in 11s     

2010-01-21 11:41:20 (899 KB/s) - `firefox-3.6.tar.bz2' saved [10161471/10161471]

[chris@rommie /tmp]$ tar xvjf firefox-*.bz2

tar: Record size = 8 blocks
firefox/
firefox/update.locale
firefox/plugins/
firefox/plugins/libnullplugin.so
...
firefox/defaults/autoconfig/platform.js
firefox/defaults/autoconfig/prefcalls.js
firefox/libmozjs.so
[chris@rommie /tmp]$ sudo cp -r firefox /usr/lib/firefox-3.6

[sudo] password for chris:
[chris@rommie /tmp]$ sudo mv /usr/bin/firefox /usr/bin/firefox.old

[chris@rommie /tmp]$ sudo ln -s /usr/lib/firefox-3.6/firefox /usr/bin/firefox-3.6

[chris@rommie /tmp]$ sudo ln -s /usr/bin/firefox-3.6 /usr/bin/firefox

Simply run each command listed in white in your terminal to upgrade your system with the latest release version of Firefox.

After running these commands, close out Firefox, wait a few seconds to let everything shut down properly, and run Firefox again. If all the steps were executed properly and without error, you should be running 3.6. You can click Help > About Mozilla Firefox to confirm.

Happy browsing.

Categories Linux, Tips 'n Tricks
Comments (4)

Great Tutorial on Merging with Git

November 12th, 2009

One of the functions of Git that I still struggle with is merging. Recently, I found a post that shows a number of very helpful merging examples. If you work with Git and don’t fully understand merging, I recommend that you check it out.

Git merging by example

My thanks to Jonathan Rockway on providing this great guide.

Originally, I wanted to duplicate the content on my site in case the content on the linked to site ceased to exist. Ironically, just days after publishing this, the site has crashed. So, I’ve recovered the content from the crash and have duplicated it here. The remaining content is from the site I linked to and not my own. If the content stays down for long, I’ll clean up my duplicate of it.

Read More→

Categories Tips 'n Tricks
Comments (0)

VirtualBox Audio Driver for Windows 7

November 12th, 2009

I recently installed Windows 7 in VirtualBox, and unlike other OSes I’ve installed in VirtualBox, the sound driver wasn’t automatically recognized. I found a driver that works with both 32-bit and 64-bit versions.

VirtualBox Windows 7 Driver

I installed this both before and after installing the Guest Additions, but it didn’t matter what order the driver and Guest Additions were installed in.

Enjoy. :)

Categories Tips 'n Tricks
Comments (5)
« Previous Page
Next Page »

I believe that the free flow of information and ideas is key to the past and future development of mankind. Unless the content declares otherwise, the post content on this site is declared public domain (CC0 1.0 Universal) and can be used in any manner with or without attribution or permission. Of course, if you wish to give attribution back to me, that would be very nice. :)

This site is running WordPress with the iThemes Builder theme by iThemes.