Denys Vlasenko wrote:
On Thu, Jun 26, 2014 at 11:45 AM, Morten Kvistgaard <m...@pch-engineering.dk> wrote:
I've attached my strace.

I'm not sure that it tells me anything though.
I've run: sudo strace -p<inetd_pid> -f -o ftpd.strace
Is there a better way?

Anyway, the current code will exit jail with the following code:

...
if (fchdir(G.root_fd) != 0)
         _exit(127);
...

But on my Ubuntu and uClinux that's not enough to break out of jail.

What do you mean? In your strace, fchdir succeeds:

15144 fchdir(3 <unfinished ...>
15143 <... mmap2 resumed> )             = 0xb77d0000
15144 <... fchdir resumed> )            = 0

And so the following code will fail:

...
/* + 1: we must use relative path here if in chroot.
 * For example, execv("/proc/self/exe") will fail, since
 * it looks for "/proc/self/exe" _relative to chroot!_ */
execv(bb_busybox_exec_path + 1, (char**) argv);
_exit(127);
...


The strace might reflect this:
...
execve("proc/self/exe", ["ftpd", "-l", "/"], [/* 9 vars */]) = -1 ENOENT (No such file or directory)
...

This is strange. Any ideas why this fails on your machine?

Morten Kvistgaard wrote:
But on my Ubuntu and uClinux that's not enough to break out of jail. And so the following code will fail:

I have no idea why someone would use NOMMU on Ubuntu, but most likely busybox is dynamically linked and therefore exec busybox fails because it doesn't find the dynamic linker. Even if it would find the dynamic linker, the linker wouldn't find the dynamic libraries.

Why does the child process only chdir and no chroot?
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox