Jille, try to imagine that a 110kgx2m man hugs you ;) Great, it works! Tutorial will follow this month :)

On Fri, 09 Oct 2009 13:38:03 +0200, Jille Timmermans <[email protected]> wrote:
> Stefan Klingner wrote:
>> where i can find libexec? possibly a stupid question but locate only
>> returns /usr/lib/php5/libexec and adding this to the chroot change
>> nothing.
>> i searched for the lib in debian package database. no result. ...
>>
>> r...@levana /lib> uname -a
>> Linux levana 2.6.26-2-amd64 #1 SMP Fri Aug 14 07:12:04 UTC 2009 x86_64
>> GNU/Linux
>>
> ah, I assumed you were using FreeBSD when you said you were using
> jails.. I'm sorry.
> Linux' dynamic linker is located in /lib/ld-linux.so.* which you also
> seem to be missing, so let's give that a try.
> # cp /lib/ld-linux.so* /var/www/test/lib/
>> r...@levana /lib> cat /etc/debian_version
>> 5.0.3
>> r...@levana /var/www/test> chroot /var/www/test /bin/sh
>> chroot: cannot run command `/bin/sh': No such file or directory
>> r...@levana /var/www/test> chroot /var/www/test /bin/bash
>> chroot: cannot run command `/bin/bash': No such file or directory
>> r...@levana /var/www/test> ls bin/bash
>> bin/bash
>> r...@levana /var/www/test> ls bin/sh
>> bin/sh
>>
> If copying in ld-linux.so does not fix it; would you please provide me
> the output of 'LD_LIBRARY_PATH=/var/www/test/lib:/var/www/test/usr/lib ldd /var/www/test/bin/sh' ?
>
> -- Jille
>>
>> you are right. i am not able to login in
>>
>> On Fri, 09 Oct 2009 13:10:26 +0200, Jille Timmermans <[email protected]>
>> wrote:
>>
>>> Stefan Klingner wrote:
>>>
>>>> i am testing the chroot feature of peruser and i am not able to run any
>>>> system tool when it is activated.
>>>>
>>>>> <?php
>>>>> ini_set('display_errors', 'On');
>>>>> error_reporting(E_ALL);
>>>>> $ret = shell_exec('echo x:$PATH:x');
>>>>> var_dump($ret);
>>>>> $ret = shell_exec('/bin/ls /');
>>>>> var_dump($ret);
>>>>> ?>
>>>>>
>>>> <Processor test>
>>>> User test
>>>> Group www
>>>> Chroot /var/www/test
>>>> </Processor>
>>>>
>>>> RESULT: NULL NULL
>>>>
>>> That looks like PHP can't start a shell interpreter (/bin/sh) to execute
>>> the commands.
>>>
>>>> <Processor test>
>>>> User test
>>>> Group www
>>>> #Chroot /var/www/test
>>>> </Processor>
>>>>
>>>> RESULT: string(33) "x:/usr/local/bin:/usr/bin:/bin:x " string(130) "bin
>>>> boot cdrom dev emul etc home initrd.img lib lib64 lost+found media mnt
>>>> opt
>>>> proc root sbin selinux srv sys tmp usr var vmlinuz "
>>>>
>>>> JUST A TESTENV... :)
>>>>
>>>> jk_init -v -j /var/www/test basicshell editors extendedshell netutils ssh sftp scp
>>>>
>>>> r...@levana /> tree -L 2 /var/www/test
>>>> /var/www/test
>>>> |-- bin
>>>> |   |-- bash
>>>> |   |-- cat
>>>> |   |-- chmod
>>>> |   |-- cp
>>>> |   |-- cpio
>>>> |   |-- date
>>>> |   |-- dd
>>>> |   |-- echo
>>>> |   |-- egrep
>>>> |   |-- false
>>>> |   |-- fgrep
>>>> |   |-- grep
>>>> |   |-- gunzip
>>>> |   |-- gzip
>>>> |   |-- ln
>>>> |   |-- ls
>>>> |   |-- mkdir
>>>> |   |-- mktemp
>>>> |   |-- more
>>>> |   |-- mv
>>>> |   |-- nano
>>>> |   |-- pwd
>>>> |   |-- rm
>>>> |   |-- rmdir
>>>> |   |-- sed
>>>> |   |-- sh -> bash
>>>> |   |-- sleep
>>>> |   |-- sync
>>>> |   |-- tar
>>>> |   |-- touch
>>>> |   |-- true
>>>> |   |-- uncompress
>>>> |   `-- zcat
>>>> |-- dev
>>>> |   |-- null
>>>> |   |-- tty
>>>> |   `-- urandom
>>>> |-- etc
>>>> |   |-- alternatives
>>>> |   |-- bash.bashrc
>>>> |   |-- group
>>>> |   |-- host.conf
>>>> |   |-- hosts
>>>> |   |-- issue
>>>> |   |-- ld.so.cache
>>>> |   |-- ld.so.conf
>>>> |   |-- motd -> /var/run/motd
>>>> |   |-- nsswitch.conf
>>>> |   |-- passwd
>>>> |   |-- profile
>>>> |   |-- protocols
>>>> |   |-- resolv.conf
>>>> |   |-- services
>>>> |   |-- terminfo
>>>> |   `-- vim
>>>> |-- lib
>>>> |   |-- libacl.so.1 -> libacl.so.1.1.0
>>>> |   |-- libacl.so.1.1.0
>>>> |   |-- libattr.so.1 -> libattr.so.1.1.0
>>>> |   |-- libattr.so.1.1.0
>>>> |   |-- libc-2.7.so
>>>> |   |-- libc.so.6 -> libc-2.7.so
>>>> |   |-- libcom_err.so.2 -> libcom_err.so.2.1
>>>> |   |-- libcom_err.so.2.1
>>>> |   |-- libcrypt-2.7.so
>>>> |   |-- libcrypt.so.1 -> libcrypt-2.7.so
>>>> |   |-- libdl-2.7.so
>>>> |   |-- libdl.so.2 -> libdl-2.7.so
>>>> |   |-- libkeyutils-1.2.so
>>>> |   |-- libkeyutils.so.1 -> libkeyutils-1.2.so
>>>> |   |-- libm-2.7.so
>>>> |   |-- libm.so.6 -> libm-2.7.so
>>>> |   |-- libncurses.so.5 -> libncurses.so.5.7
>>>> |   |-- libncurses.so.5.7
>>>> |   |-- libncursesw.so.5 -> libncursesw.so.5.7
>>>> |   |-- libncursesw.so.5.7
>>>> |   |-- libnsl-2.7.so
>>>> |   |-- libnsl.so.1 -> libnsl-2.7.so
>>>> |   |-- libnss_compat-2.7.so
>>>> |   |-- libnss_compat.so.2 -> libnss_compat-2.7.so
>>>> |   |-- libnss_dns-2.7.so
>>>> |   |-- libnss_dns.so.2 -> libnss_dns-2.7.so
>>>> |   |-- libnss_files-2.7.so
>>>> |   |-- libnss_files.so.2 -> libnss_files-2.7.so
>>>> |   |-- libnss_hesiod-2.7.so
>>>> |   |-- libnss_hesiod.so.2 -> libnss_hesiod-2.7.so
>>>> |   |-- libnss_nis-2.7.so
>>>> |   |-- libnss_nis.so.2 -> libnss_nis-2.7.so
>>>> |   |-- libnss_nisplus-2.7.so
>>>> |   |-- libnss_nisplus.so.2 -> libnss_nisplus-2.7.so
>>>> |   |-- libpthread-2.7.so
>>>> |   |-- libpthread.so.0 -> libpthread-2.7.so
>>>> |   |-- libresolv-2.7.so
>>>> |   |-- libresolv.so.2 -> libresolv-2.7.so
>>>> |   |-- librt-2.7.so
>>>> |   |-- librt.so.1 -> librt-2.7.so
>>>> |   |-- libselinux.so.1
>>>> |   |-- libutil-2.7.so
>>>> |   |-- libutil.so.1 -> libutil-2.7.so
>>>> |   `-- terminfo
>>>> |-- lib64 -> /lib
>>>> |-- tmp
>>>> |-- usr
>>>> |   |-- bin
>>>> |   |-- lib
>>>> |   `-- share
>>>> `-- var
>>>>     |-- run
>>>>     `-- www
>>>>
>>> You seem to miss /var/www/test/libexec/ which contains the dynamic
>>> linker (ld-elf.so.1).
>>> What happens if you go into the chroot from your shell ?
>>> # chroot /var/www/test /bin/sh
>>>
>>> I guess that won't work either.
>>>
>>>> any idea? how do you create your chroot/jail? do you not need tools like
>>>> unzip or tar...?
>>>>
>>> It is weird that jailkit does not install the ld-elf.so.1; but that's
>>> the best thing I can come up with.
>>> You can try:
>>> # cp -pr /libexec /var/www/test/libexec
>>>
>>> to copy it into the jail and retry your tests.
>>>
>>> -- Jille
>>>
>>>> On Fri, 09 Oct 2009 11:30:56 +0200, Jille Timmermans <[email protected]>
>>>> wrote:
>>>>
>>>>> Stefan Klingner wrote:
>>>>>
>>>>>> hi @all,
>>>>>>
>>>>>> thanks for the answers.
>>>>>>
>>>>>> from phpinfo()...
>>>>>>
>>>>>> open_basedir = no value
>>>>>> safe_mode = off
>>>>>>
>>>>>> result of passthru('echo $PATH'); -> NOTHING
>>>>>>
>>>>> It is very unlikely that this will give no result at all.
>>>>> Please try:
>>>>> <?php
>>>>> ini_set('display_errors', 'On');
>>>>> error_reporting(E_ALL);
>>>>> $ret = shell_exec('echo x:$PATH:x');
>>>>> var_dump($ret);
>>>>> $ret = shell_exec('/bin/ls /');
>>>>> var_dump($ret);
>>>>> ?>
>>>>>
>>>>> By the way: Are you testing chroot inside jails ? That sounds oversecured
>>>>> ;)
>>>>> Is there any interest in peruser-jail support ? If so I will take a look
>>>>> at it.
>>>>>
>>>>> -- Jille
>>>>>
>>>>>> how do you have created your jails? which tools do you used? have someone
>>>>>> experience with jailkit. it looks like a really powerful tool and it is
>>>>>> maintained very well.
>>>>>>
>>>>>> i used jailkit...
>>>>>>
>>>>>> jk_init -j /home/user basicshell
>>>>>> jk_jailuser user
>>>>>>
>>>>>> please help me getting this stuff working because i want to write the
>>>>>> chroot tutorial for peruser.
>>>>>> :)
>>>>>>
>>>>>> On Thu, 08 Oct 2009 23:02:21 +0200, Leen Besselink
>>>>>> <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Jille Timmermans wrote:
>>>>>>>
>>>>>>>> Stefan Klingner wrote:
>>>>>>>>
>>>>>>>>> i try to run a command like "ls /" from a php script inside a jail. the
>>>>>>>>> jail was created with jailkit and contain the tool + all required
>>>>>>>>> libraries. if i write exec("ls /"); in a php script, it returns nothing.
>>>>>>>>> have someone an idea? possibly the processor do not have the path or do
>>>>>>>>> not know how to find the executable?
>>>>>>>>>
>>>>>>>> Would you please try:
>>>>>>>>
>>>>>>>> passthru('echo $PATH'); // output should contain /bin; if not: the shell
>>>>>>>> interpreter can not find 'ls'; and you have to specify it as '/bin/ls'.
>>>>>>>> passthru('ls -l /bin/sh'); // might give info about executability
>>>>>>>>
>>>>>>>> And of course check whether safe-mode is off ;)
>>>>>>>>
>>>>>>> And possibly: open_basedir ?
>>>>>>>
>>>>>>>> -- Jille
>>>>>>>> _______________________________________________
>>>>>>>> Peruser mailing list
>>>>>>>> [email protected]
>>>>>>>> http://www.telana.com/mailman/listinfo/peruser
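
Added example, not part of the original thread: a Python check for the failure discussed above, where `chroot` reports `No such file or directory` for a binary that exists because the dynamic linker named in its ELF header is absent from the jail. It reads PT_INTERP from an ELF64 binary and resolves paths the way the chrooted process would, so the jail's `lib64 -> /lib` symlink stays inside the jail; the function names and the script name `jailcheck.py` are hypothetical, and shared libraries are not checked.

```python
import os, struct, sys
from pathlib import Path

def elf_interpreter(path):
    """Return the PT_INTERP (dynamic linker) path of an ELF64 file, else None."""
    d = Path(path).read_bytes()
    if d[:5] != b"\x7fELF\x02":                   # not ELF, or not 64-bit
        return None
    e = "<" if d[5] == 1 else ">"                 # EI_DATA selects the byte order
    phoff, = struct.unpack_from(e + "Q", d, 0x20)
    entsz, num = struct.unpack_from(e + "HH", d, 0x36)
    for ph in range(phoff, phoff + num * entsz, entsz or 1):
        p_type, _, off, _, _, size = struct.unpack_from(e + "IIQQQQ", d, ph)
        if p_type == 3:                           # PT_INTERP
            return d[off:off + size].rstrip(b"\0").decode()
    return None

def resolve_in_jail(jail, path, depth=0):
    """Resolve path as a process chrooted to jail would; None if it is absent."""
    cur, parts = jail, [p for p in path.split("/") if p not in ("", ".")]
    for i, part in enumerate(parts):
        if part == "..":                          # cannot climb above the jail root
            cur = cur if cur == jail else os.path.dirname(cur)
            continue
        nxt = os.path.join(cur, part)
        if os.path.islink(nxt):                   # absolute targets restart at the jail root
            link = os.readlink(nxt)
            base = link if link.startswith("/") else os.path.relpath(cur, jail) + "/" + link
            rest = "/".join([base] + parts[i + 1:])
            return resolve_in_jail(jail, rest, depth + 1) if depth < 40 else None
        if not os.path.exists(nxt):
            return None
        cur = nxt
    return cur

def first_missing(jail, binary):
    """Return the first path exec needs that the jail lacks (binary or loader), else None."""
    jail = os.path.realpath(jail)
    real = resolve_in_jail(jail, binary)
    if real is None:
        return binary
    interp = elf_interpreter(real)
    return interp if interp and resolve_in_jail(jail, interp) is None else None

if __name__ == "__main__":                        # e.g. jailcheck.py /var/www/test /bin/sh
    print(first_missing(sys.argv[1], sys.argv[2]) or "binary and loader are present")
```
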
