i am testing the chroot feature of peruser and i am not able to run any
system tool when it is activated.

> <?php
>     ini_set('display_errors', 'On');
>     error_reporting(E_ALL);
>     $ret = shell_exec('echo x:$PATH:x');
>     var_dump($ret);
>     $ret = shell_exec('/bin/ls /');
>     var_dump($ret);
> ?>

<Processor test>
 User test
 Group www
 Chroot /var/www/test
</Processor>

RESULT: NULL NULL

<Processor test>
 User test
 Group www
 #Chroot /var/www/test
</Processor>

RESULT: string(33) "x:/usr/local/bin:/usr/bin:/bin:x " string(130) "bin
boot cdrom dev emul etc home initrd.img lib lib64 lost+found media mnt opt
proc root sbin selinux srv sys tmp usr var vmlinuz " 

JUST A TESTENV... :)

jk_init -v -j /var/www/test basicshell editors extendedshell netutils ssh sftp scp

r...@levana /> tree -L 2 /var/www/test
/var/www/test
|-- bin
|   |-- bash
|   |-- cat
|   |-- chmod
|   |-- cp
|   |-- cpio
|   |-- date
|   |-- dd
|   |-- echo
|   |-- egrep
|   |-- false
|   |-- fgrep
|   |-- grep
|   |-- gunzip
|   |-- gzip
|   |-- ln
|   |-- ls
|   |-- mkdir
|   |-- mktemp
|   |-- more
|   |-- mv
|   |-- nano
|   |-- pwd
|   |-- rm
|   |-- rmdir
|   |-- sed
|   |-- sh -> bash
|   |-- sleep
|   |-- sync
|   |-- tar
|   |-- touch
|   |-- true
|   |-- uncompress
|   `-- zcat
|-- dev
|   |-- null
|   |-- tty
|   `-- urandom
|-- etc
|   |-- alternatives
|   |-- bash.bashrc
|   |-- group
|   |-- host.conf
|   |-- hosts
|   |-- issue
|   |-- ld.so.cache
|   |-- ld.so.conf
|   |-- motd -> /var/run/motd
|   |-- nsswitch.conf
|   |-- passwd
|   |-- profile
|   |-- protocols
|   |-- resolv.conf
|   |-- services
|   |-- terminfo
|   `-- vim
|-- lib
|   |-- libacl.so.1 -> libacl.so.1.1.0
|   |-- libacl.so.1.1.0
|   |-- libattr.so.1 -> libattr.so.1.1.0
|   |-- libattr.so.1.1.0
|   |-- libc-2.7.so
|   |-- libc.so.6 -> libc-2.7.so
|   |-- libcom_err.so.2 -> libcom_err.so.2.1
|   |-- libcom_err.so.2.1
|   |-- libcrypt-2.7.so
|   |-- libcrypt.so.1 -> libcrypt-2.7.so
|   |-- libdl-2.7.so
|   |-- libdl.so.2 -> libdl-2.7.so
|   |-- libkeyutils-1.2.so
|   |-- libkeyutils.so.1 -> libkeyutils-1.2.so
|   |-- libm-2.7.so
|   |-- libm.so.6 -> libm-2.7.so
|   |-- libncurses.so.5 -> libncurses.so.5.7
|   |-- libncurses.so.5.7
|   |-- libncursesw.so.5 -> libncursesw.so.5.7
|   |-- libncursesw.so.5.7
|   |-- libnsl-2.7.so
|   |-- libnsl.so.1 -> libnsl-2.7.so
|   |-- libnss_compat-2.7.so
|   |-- libnss_compat.so.2 -> libnss_compat-2.7.so
|   |-- libnss_dns-2.7.so
|   |-- libnss_dns.so.2 -> libnss_dns-2.7.so
|   |-- libnss_files-2.7.so
|   |-- libnss_files.so.2 -> libnss_files-2.7.so
|   |-- libnss_hesiod-2.7.so
|   |-- libnss_hesiod.so.2 -> libnss_hesiod-2.7.so
|   |-- libnss_nis-2.7.so
|   |-- libnss_nis.so.2 -> libnss_nis-2.7.so
|   |-- libnss_nisplus-2.7.so
|   |-- libnss_nisplus.so.2 -> libnss_nisplus-2.7.so
|   |-- libpthread-2.7.so
|   |-- libpthread.so.0 -> libpthread-2.7.so
|   |-- libresolv-2.7.so
|   |-- libresolv.so.2 -> libresolv-2.7.so
|   |-- librt-2.7.so
|   |-- librt.so.1 -> librt-2.7.so
|   |-- libselinux.so.1
|   |-- libutil-2.7.so
|   |-- libutil.so.1 -> libutil-2.7.so
|   `-- terminfo
|-- lib64 -> /lib
|-- tmp
|-- usr
|   |-- bin
|   |-- lib
|   `-- share
`-- var
    |-- run
    `-- www

any idea? how do you create your chroot/jail? do you not need tools like
unzip or tar...?

On Fri, 09 Oct 2009 11:30:56 +0200, Jille Timmermans <[email protected]>
wrote:
> Stefan Klingner schreef:
>> hi @all,
>>
>> thanks for the answers.
>>
>> from phpinfo()...
>>
>> open_basedir = no value
>> safe_mode = off
>>
>> result of passthru('echo $PATH'); -> NOTHING
>>   
> It is very unlikely that this will give no result at all.
> Please try:
> <?php
>     ini_set('display_errors', 'On');
>     error_reporting(E_ALL);
>     $ret = shell_exec('echo x:$PATH:x');
>     var_dump($ret);
>     $ret = shell_exec('/bin/ls /');
>     var_dump($ret);
> ?>
> 
> By the way: Are you testing chroot inside jails? That sounds oversecured ;)
> Is there any interest in peruser-jail support? If so I will take a look at it.
> 
> -- Jille
>> how have you created your jails? which tools did you use? does someone
>> have experience with jailkit? it looks like a really powerful tool and it
>> is maintained very well.
>>
>> i used jailkit...
>>
>> jk_init -j /home/user basicshell
>> jk_jailuser user
>>
>> please help me getting this stuff working because i want to write the
>> chroot tutorial for peruser. :)
>>
>> On Thu, 08 Oct 2009 23:02:21 +0200, Leen Besselink
>> <[email protected]>
>> wrote:
>>   
>>> Jille Timmermans wrote:
>>>     
>>>> Stefan Klingner schreef:
>>>>       
>>>>> i try to run a command like "ls /" from a php script inside a jail. the
>>>>> jail was created with jailkit and contains the tool + all required
>>>>> libraries. if i write exec("ls /"); in a php script, it returns nothing.
>>>>> does someone have an idea? possibly the processor does not have the path
>>>>> or does not know how to find the executable?
>>>>>
>>>> Would you please try:
>>>>
>>>> passthru('echo $PATH'); // output should contain /bin; if not: the shell
>>>> interpreter can not find 'ls'; and you have to specify it as '/bin/ls'.
>>>> passthru('ls -l /bin/sh'); // might give info about executability
>>>>
>>>> And of course check whether safe-mode is off ;)
>>>>
>>>>       
>>> And possibly: open_basedir ?
>>>
>>>     
>>>> -- Jille
>>>> _______________________________________________
>>>> Peruser mailing list
>>>> [email protected]
>>>> http://www.telana.com/mailman/listinfo/peruser
>>>>
>>>>       
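Added example, not part of the original thread and not peruser or jailkit code: a check of whether a binary inside a jail such as /var/www/test can be exec'd at all, by reading its ELF PT_INTERP entry and resolving that path the way a chrooted process would (an absolute symlink like `lib64 -> /lib` stays inside the jail). The `lib` listing above shows no `ld-*` entry, which is the kind of gap this reports; the function names are made up for this example.

```python
import os, struct, sys

def elf_interp(path):
    """Return the PT_INTERP (dynamic loader) path of an ELF file, else None."""
    with open(path, "rb") as f:
        data = f.read()
    if data[:4] != b"\x7fELF":
        return None
    is64, e = data[4] == 2, "<" if data[5] == 1 else ">"
    phoff, = struct.unpack_from(e + ("Q" if is64 else "I"), data, 0x20 if is64 else 0x1C)
    phentsize, phnum = struct.unpack_from(e + "HH", data, 0x36 if is64 else 0x2A)
    for off in range(phoff, phoff + phnum * phentsize, phentsize or 1):
        ph = struct.unpack_from(e + ("IIQQQQ" if is64 else "IIIII"), data, off)
        if ph[0] == 3:                        # 3 = PT_INTERP
            p_offset, p_filesz = (ph[2], ph[5]) if is64 else (ph[1], ph[4])
            return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None

def resolve_in_jail(jail, path, hops=0):
    """Resolve path as a chrooted process sees it: absolute symlinks restart at jail."""
    cur, parts = jail, [p for p in path.split("/") if p not in ("", ".")]
    for i, part in enumerate(parts):
        if part == "..":
            cur = cur if cur == jail else os.path.dirname(cur)
            continue
        nxt = os.path.join(cur, part)
        if hops > 40 or not os.path.lexists(nxt):   # symlink loop or missing component
            return None
        if os.path.islink(nxt):
            target = os.readlink(nxt)
            base = "" if target.startswith("/") else cur[len(jail):]
            return resolve_in_jail(jail, "/".join([base, target] + parts[i + 1:]), hops + 1)
        cur = nxt
    return cur

def audit_exec(jail, binary):
    """Report whether execve(binary) can find its file and loader inside chroot(jail)."""
    jail = os.path.realpath(jail)
    real = resolve_in_jail(jail, binary)
    if real is None or not os.path.isfile(real):
        return "missing binary: " + binary
    interp = elf_interp(real)
    if interp is None:
        return "no PT_INTERP (static binary or not ELF)"
    if resolve_in_jail(jail, interp) is None:
        return "missing loader: " + interp
    return "ok: loader " + interp + " present"

if __name__ == "__main__":                    # usage: script.py JAIL /bin/sh
    print(audit_exec(sys.argv[1], sys.argv[2]))
```

PHP's shell_exec() and passthru() start the command through /bin/sh, so audit /bin/sh before the tool itself. Shared libraries (DT_NEEDED) are not checked here, only the loader.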