where can i find libexec? possibly a stupid question, but locate only returns /usr/lib/php5/libexec and adding this to the chroot changes nothing. i searched for the lib in the debian package database. no result. ...

r...@levana /lib> uname -a
Linux levana 2.6.26-2-amd64 #1 SMP Fri Aug 14 07:12:04 UTC 2009 x86_64 GNU/Linux
r...@levana /lib> cat /etc/debian_version
5.0.3
r...@levana /var/www/test> chroot /var/www/test /bin/sh
chroot: cannot run command `/bin/sh': No such file or directory
r...@levana /var/www/test> chroot /var/www/test /bin/bash
chroot: cannot run command `/bin/bash': No such file or directory
r...@levana /var/www/test> ls bin/bash
bin/bash
r...@levana /var/www/test> ls bin/sh
bin/sh

you are right. i am not able to log in

On Fri, 09 Oct 2009 13:10:26 +0200, Jille Timmermans <[email protected]> wrote:
> Stefan Klingner wrote:
>> i am testing the chroot feature of peruser and i am not able to run any
>> system tool when it is activated.
>>
>>> <?php
>>> ini_set('display_errors', 'On');
>>> error_reporting(E_ALL);
>>> $ret = shell_exec('echo x:$PATH:x');
>>> var_dump($ret);
>>> $ret = shell_exec('/bin/ls /');
>>> var_dump($ret);
>>> ?>
>>
>> <Processor test>
>> User test
>> Group www
>> Chroot /var/www/test
>> </Processor>
>>
>> RESULT: NULL NULL
>>
> That looks like PHP can't start a shell interpreter (/bin/sh) to execute
> the commands.
>> <Processor test>
>> User test
>> Group www
>> #Chroot /var/www/test
>> </Processor>
>>
>> RESULT: string(33) "x:/usr/local/bin:/usr/bin:/bin:x " string(130) "bin
>> boot cdrom dev emul etc home initrd.img lib lib64 lost+found media mnt opt
>> proc root sbin selinux srv sys tmp usr var vmlinuz "
>>
>> JUST A TESTENV... :)
>>
>> jk_init -v -j /var/www/test basicshell editors extendedshell netutils ssh
>> sftp scp
>>
>> r...@levana /> tree -L 2 /var/www/test
>> /var/www/test
>> |-- bin
>> |   |-- bash
>> |   |-- cat
>> |   |-- chmod
>> |   |-- cp
>> |   |-- cpio
>> |   |-- date
>> |   |-- dd
>> |   |-- echo
>> |   |-- egrep
>> |   |-- false
>> |   |-- fgrep
>> |   |-- grep
>> |   |-- gunzip
>> |   |-- gzip
>> |   |-- ln
>> |   |-- ls
>> |   |-- mkdir
>> |   |-- mktemp
>> |   |-- more
>> |   |-- mv
>> |   |-- nano
>> |   |-- pwd
>> |   |-- rm
>> |   |-- rmdir
>> |   |-- sed
>> |   |-- sh -> bash
>> |   |-- sleep
>> |   |-- sync
>> |   |-- tar
>> |   |-- touch
>> |   |-- true
>> |   |-- uncompress
>> |   `-- zcat
>> |-- dev
>> |   |-- null
>> |   |-- tty
>> |   `-- urandom
>> |-- etc
>> |   |-- alternatives
>> |   |-- bash.bashrc
>> |   |-- group
>> |   |-- host.conf
>> |   |-- hosts
>> |   |-- issue
>> |   |-- ld.so.cache
>> |   |-- ld.so.conf
>> |   |-- motd -> /var/run/motd
>> |   |-- nsswitch.conf
>> |   |-- passwd
>> |   |-- profile
>> |   |-- protocols
>> |   |-- resolv.conf
>> |   |-- services
>> |   |-- terminfo
>> |   `-- vim
>> |-- lib
>> |   |-- libacl.so.1 -> libacl.so.1.1.0
>> |   |-- libacl.so.1.1.0
>> |   |-- libattr.so.1 -> libattr.so.1.1.0
>> |   |-- libattr.so.1.1.0
>> |   |-- libc-2.7.so
>> |   |-- libc.so.6 -> libc-2.7.so
>> |   |-- libcom_err.so.2 -> libcom_err.so.2.1
>> |   |-- libcom_err.so.2.1
>> |   |-- libcrypt-2.7.so
>> |   |-- libcrypt.so.1 -> libcrypt-2.7.so
>> |   |-- libdl-2.7.so
>> |   |-- libdl.so.2 -> libdl-2.7.so
>> |   |-- libkeyutils-1.2.so
>> |   |-- libkeyutils.so.1 -> libkeyutils-1.2.so
>> |   |-- libm-2.7.so
>> |   |-- libm.so.6 -> libm-2.7.so
>> |   |-- libncurses.so.5 -> libncurses.so.5.7
>> |   |-- libncurses.so.5.7
>> |   |-- libncursesw.so.5 -> libncursesw.so.5.7
>> |   |-- libncursesw.so.5.7
>> |   |-- libnsl-2.7.so
>> |   |-- libnsl.so.1 -> libnsl-2.7.so
>> |   |-- libnss_compat-2.7.so
>> |   |-- libnss_compat.so.2 -> libnss_compat-2.7.so
>> |   |-- libnss_dns-2.7.so
>> |   |-- libnss_dns.so.2 -> libnss_dns-2.7.so
>> |   |-- libnss_files-2.7.so
>> |   |-- libnss_files.so.2 -> libnss_files-2.7.so
>> |   |-- libnss_hesiod-2.7.so
>> |   |-- libnss_hesiod.so.2 -> libnss_hesiod-2.7.so
>> |   |-- libnss_nis-2.7.so
>> |   |-- libnss_nis.so.2 -> libnss_nis-2.7.so
>> |   |-- libnss_nisplus-2.7.so
>> |   |-- libnss_nisplus.so.2 -> libnss_nisplus-2.7.so
>> |   |-- libpthread-2.7.so
>> |   |-- libpthread.so.0 -> libpthread-2.7.so
>> |   |-- libresolv-2.7.so
>> |   |-- libresolv.so.2 -> libresolv-2.7.so
>> |   |-- librt-2.7.so
>> |   |-- librt.so.1 -> librt-2.7.so
>> |   |-- libselinux.so.1
>> |   |-- libutil-2.7.so
>> |   |-- libutil.so.1 -> libutil-2.7.so
>> |   `-- terminfo
>> |-- lib64 -> /lib
>> |-- tmp
>> |-- usr
>> |   |-- bin
>> |   |-- lib
>> |   `-- share
>> `-- var
>>     |-- run
>>     `-- www
>>
> You seem to miss /var/www/test/libexec/ which contains the dynamic
> linker (ld-elf.so.1).
> What happens if you go into the chroot from your shell ?
> # chroot /var/www/test /bin/sh
>
> I guess that won't work either.
>> any idea? how do you create your chroot/jail? do you not need tools like
>> unzip or tar...?
>>
> It is weird that jailkit does not install the ld-elf.so.1; but that's
> the best thing I can come up with.
> You can try:
> # cp -pr /libexec /var/www/test/libexec
>
> to copy it into the jail and retry your tests.
>
> -- Jille
>> On Fri, 09 Oct 2009 11:30:56 +0200, Jille Timmermans <[email protected]>
>> wrote:
>>
>>> Stefan Klingner wrote:
>>>
>>>> hi @all,
>>>>
>>>> thanks for the answers.
>>>>
>>>> from phpinfo()...
>>>>
>>>> open_basedir = no value
>>>> safe_mode = off
>>>>
>>>> result of passthru('echo $PATH'); -> NOTHING
>>>>
>>> It is very unlikely that this will give no result at all.
>>> Please try:
>>> <?php
>>> ini_set('display_errors', 'On');
>>> error_reporting(E_ALL);
>>> $ret = shell_exec('echo x:$PATH:x');
>>> var_dump($ret);
>>> $ret = shell_exec('/bin/ls /');
>>> var_dump($ret);
>>> ?>
>>>
>>> By the way: Are you testing chroot inside jails ? That sounds
>>> oversecured ;)
>>> Is there any interest in peruser-jail support ? If so I will take a look
>>> at it.
>>>
>>> -- Jille
>>>
>>>> how have you created your jails? which tools did you use? does someone
>>>> have experience with jailkit? it looks like a really powerful tool and
>>>> it is maintained very well.
>>>>
>>>> i used jailkit...
>>>>
>>>> jk_init -j /home/user basicshell
>>>> jk_jailuser user
>>>>
>>>> please help me get this stuff working because i want to write the
>>>> chroot tutorial for peruser. :)
>>>>
>>>> On Thu, 08 Oct 2009 23:02:21 +0200, Leen Besselink
>>>> <[email protected]>
>>>> wrote:
>>>>
>>>>> Jille Timmermans wrote:
>>>>>
>>>>>> Stefan Klingner wrote:
>>>>>>
>>>>>>> i try to run a command like "ls /" from a php script inside a jail.
>>>>>>> the jail was created with jailkit and contains the tool + all
>>>>>>> required libraries. if i write exec("ls /"); in a php script, it
>>>>>>> returns nothing.
>>>>>>> does someone have an idea? possibly the processor does not have the
>>>>>>> path or does not know how to find the executable?
>>>>>>>
>>>>>> Would you please try:
>>>>>>
>>>>>> passthru('echo $PATH'); // output should contain /bin; if not: the shell
>>>>>> interpreter can not find 'ls'; and you have to specify it as '/bin/ls'.
>>>>>> passthru('ls -l /bin/sh'); // might give info about executability
>>>>>>
>>>>>> And of course check whether safe-mode is off ;)
>>>>>>
>>>>> And possibly: open_basedir ?
>>>>>
>>>>>> -- Jille
>>>>>> _______________________________________________
>>>>>> Peruser mailing list
>>>>>> [email protected]
>>>>>> http://www.telana.com/mailman/listinfo/peruser
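
A check for the symptom in this thread, where chroot reports "No such file or directory" for a file that ls shows: on Linux, execve also returns that error when the ELF interpreter (dynamic loader) named inside the binary cannot be found in the jail. This is an added example, not code from the thread, jailkit or peruser; the function names and the script name jailcheck.py are made up here. It reads the loader path out of the binary instead of assuming one, and resolves symlinks such as lib64 -> /lib against the jail root the way the chrooted process would.

```python
import os, struct, sys
# Added example: all function names below are this example's own (hypothetical).
def elf_interp(data):  # PT_INTERP path stored in an ELF image; None if static or not ELF
    if data[:4] != b"\x7fELF":
        return None
    e = "<" if data[5] == 1 else ">"  # EI_DATA: byte order; EI_CLASS picks the offsets below
    word, phoff_at, phent_at, off_at, size_at = ("Q", 0x20, 0x36, 8, 32) if data[4] == 2 else ("I", 0x1C, 0x2A, 4, 16)
    phoff, = struct.unpack_from(e + word, data, phoff_at)
    phentsize, phnum = struct.unpack_from(e + "HH", data, phent_at)
    for i in range(phnum):
        ph = phoff + i * phentsize
        if struct.unpack_from(e + "I", data, ph)[0] == 3:  # p_type == PT_INTERP
            off, = struct.unpack_from(e + word, data, ph + off_at)
            size, = struct.unpack_from(e + word, data, ph + size_at)
            return data[off:off + size].rstrip(b"\0").decode()
    return None

def resolve_in_jail(jail, path):  # where `path` lands after chroot(jail); None if missing
    cur, parts, hops = jail, path.split("/"), 0
    while parts and hops < 40:  # hop limit stops symlink loops
        part = parts.pop(0)
        nxt = os.path.join(cur, part)
        if part in ("", "."):
            continue
        if part == "..":
            cur = jail if cur == jail else os.path.dirname(cur)  # ".." cannot leave the root
        elif os.path.islink(nxt):
            target, hops = os.readlink(nxt), hops + 1
            cur = jail if target.startswith("/") else cur  # absolute links restart at jail root
            parts = target.split("/") + parts
        elif os.path.lexists(nxt):
            cur = nxt
        else:
            return None
    return None if parts else cur

def check(jail, binary):  # "ok" means the binary and the loader it names both resolve
    real = resolve_in_jail(jail, binary)
    if real is None:
        return "missing binary"
    with open(real, "rb") as f:
        interp = elf_interp(f.read())
    if interp and resolve_in_jail(jail, interp) is None:
        return "missing interpreter " + interp
    return "ok"

if __name__ == "__main__":  # e.g. python3 jailcheck.py /var/www/test /bin/bash
    print(check(os.path.abspath(sys.argv[1]), sys.argv[2]))
```

The check covers only the loader; shared libraries the binary needs (what ldd lists) still have to be present in the jail as well.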
