On 3/03/2012, at 9:38 PM, fRANz wrote:

> Hi,
> I tried to make ping work inside httpd chroot from a php script.
> Without chroot, ping works fine.
> I don't know what I'm missing in this configuration:
>
> # uname -a
> OpenBSD d7 5.0 GENERIC#59 i386
>
> # cat /etc/rc.conf | grep httpd
> # use -u to disable chroot, see httpd(8)
> httpd_flags="-DSSL" # for normal use: "" (or "-DSSL" after reading ssl(8))
>
> # ps ax | grep httpd
> 28641 ?? Ss 0:00.29 httpd: parent [chroot /var/www] (httpd)
> 2400 ?? I 0:00.14 httpd: child (httpd)
> 28041 ?? I 0:00.14 httpd: child (httpd)
> 13701 ?? I 0:00.12 httpd: child (httpd)
> 32659 ?? I 0:00.13 httpd: child (httpd)
> 15200 ?? I 0:00.12 httpd: child (httpd)
> 20758 ?? I 0:00.08 httpd: child (httpd)
> 11871 ?? I 0:00.03 httpd: child (httpd)
> 7365 ?? I 0:00.04 httpd: child (httpd)
> 12284 ?? I 0:00.06 httpd: child (httpd)
>
> # ls -ls
> total 2744
> 512 ---------- 1 root bin 243784 Sep 22 16:06 bgpctl
> 512 -r-sr-xr-x 1 root bin 235984 Aug 15 2011 femail
> 480 -r-sr-xr-x 1 root bin 214748 Sep 22 16:06 ping
>
> (chmod u+s set a sticky bit on root account)
>
> # chroot -u www /var/www/ /bin/ping
> usage: ping [-DdEefLnqRrv] [-c count] [-I ifaddr] [-i wait]
>             [-l preload] [-p pattern] [-s packetsize] [-T toskeyword]
>             [-t ttl] [-V rtable] [-w maxwait] host
>
> From this test, ping into chroot to 127.0.0.1 seems to work fine for me.
>
> But if I launch ping from a php script (I tried exec and shell_exec
> functions) no output is reported, also apache logs don't report
> anything useful.
>

Have you got /bin/sh (off the top of my head) in the chroot bin directory? I think PHP's exec tries to find that.

What is the return code/output from exec/shell_exec? If 127, then that's a clue.

See here for example - http://stackoverflow.com/questions/438618/illegal-command-error-code-127-in-php-exec-function

The bit about error 127 and /bin/sh, not the guy who says just skip chroot!

HTH. Thanks.

> PHP version is 5.3.6, installed from packages.
> PHP's safe_mode is turned off (I'm using standard /etc/php-5.3.ini file)
>
> /var wasn't mounted with noexec or something else:
>
> # mount
> /dev/sd0a on / type ffs (local)
>
> What's wrong in this scenario?
> Let me know if further information is required.
> BR,
> -f
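
The check suggested in the reply, as an added example that is not part of the original thread: a shell function that verifies both `bin/sh` and the target command exist inside a chroot directory, plus the status 127 a shell reports for a command it cannot find. The function names and return-code convention are assumptions of this example, and the demo runs on a constructed temporary directory rather than a real chroot.

```shell
#!/bin/sh
# Added example, not from the thread. Return codes are this script's own:
#   0 = shell and command present and executable inside the chroot
#   1 = <root>/bin/sh missing or not executable
#   2 = command missing or not executable inside <root>
#   3 = bad arguments
check_chroot_exec() {
    [ -d "$1" ] && [ -n "$2" ] || return 3
    root=${1%/}   # chroot directory, e.g. /var/www
    cmd=$2        # absolute path as seen from inside the chroot, e.g. /bin/ping
    if [ ! -x "$root/bin/sh" ]; then
        echo "missing: $root/bin/sh (commands run via 'sh -c' cannot start)"
        return 1
    fi
    if [ ! -x "$root$cmd" ]; then
        echo "missing: $root$cmd"
        return 2
    fi
    echo "ok: $root/bin/sh and $root$cmd are present and executable"
}

# Exit status a shell reports for a command it cannot find (expected: 127).
# The path is constructed and assumed not to exist.
not_found_status() {
    /bin/sh -c '/nonexistent/constructed-command' >/dev/null 2>&1 \
        && echo 0 || echo $?
}

# Demo on a constructed throwaway tree, so no real chroot is touched.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin"
    printf '#!/bin/sh\n' > "$d/bin/ping"   # stand-in for the real binary
    chmod 755 "$d/bin/ping"
    check_chroot_exec "$d" /bin/ping && before=0 || before=$?
    cp /bin/sh "$d/bin/sh"                 # what the reply suggests checking
    check_chroot_exec "$d" /bin/ping && after=0 || after=$?
    rm -rf "$d"
    echo "before=$before after=$after status_not_found=$(not_found_status)"
}

demo
```

On the system from the thread the equivalent call would be `check_chroot_exec /var/www /bin/ping`.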