https://savannah.nongnu.org/bugs/index.php?27646 :)

On Fri, 09 Oct 2009 13:49:09 +0200, Stefan Klingner <[email protected]> wrote:
> jille, try to imagine, that a 110kgx2m man hug you ;) Great, it works!
> tutorial will follow this month :)
>
> On Fri, 09 Oct 2009 13:38:03 +0200, Jille Timmermans <[email protected]>
> wrote:
>> Stefan Klingner wrote:
>>> where i can find libexec? possibly a stupid question but locate only
>>> returns /usr/lib/php5/libexec and adding this to the chroot change
>>> nothing.
>>> i searched for the lib in debian package database. no result. ...
>>>
>>> r...@levana /lib> uname -a
>>> Linux levana 2.6.26-2-amd64 #1 SMP Fri Aug 14 07:12:04 UTC 2009 x86_64
>>> GNU/Linux
>>>
>> ah, I assumed you were using FreeBSD when you said you were using
>> jails.. I'm sorry.
>> Linux' dynamic linker is located in /lib/ld-linux.so.* which you also
>> seem to be missing, so let's give that a try.
>> # cp /lib/ld-linux.so* /var/www/test/lib/
>>> r...@levana /lib> cat /etc/debian_version
>>> 5.0.3
>>> r...@levana /var/www/test> chroot /var/www/test /bin/sh
>>> chroot: cannot run command `/bin/sh': No such file or directory
>>> r...@levana /var/www/test> chroot /var/www/test /bin/bash
>>> chroot: cannot run command `/bin/bash': No such file or directory
>>> r...@levana /var/www/test> ls bin/bash
>>> bin/bash
>>> r...@levana /var/www/test> ls bin/sh
>>> bin/sh
>>>
>> If copying in ld-linux.so does not fix it; would you please provide me
>> the output of 'LD_LIBRARY_PATH=/var/www/test/lib:/var/www/test/usr/lib
>> ldd /var/www/test/bin/sh' ?
>>
>> -- Jille
>>>
>>> you are right. i am not able to login in
>>>
>>> On Fri, 09 Oct 2009 13:10:26 +0200, Jille Timmermans <[email protected]>
>>> wrote:
>>>
>>>> Stefan Klingner wrote:
>>>>
>>>>> i am testing the chroot feature of peruser and i am not able to run any
>>>>> system tool when it is activated.
>>>>>
>>>>>> <?php
>>>>>> ini_set('display_errors', 'On');
>>>>>> error_reporting(E_ALL);
>>>>>> $ret = shell_exec('echo x:$PATH:x');
>>>>>> var_dump($ret);
>>>>>> $ret = shell_exec('/bin/ls /');
>>>>>> var_dump($ret);
>>>>>> ?>
>>>>>>
>>>>> <Processor test>
>>>>>     User test
>>>>>     Group www
>>>>>     Chroot /var/www/test
>>>>> </Processor>
>>>>>
>>>>> RESULT: NULL NULL
>>>>>
>>>> That looks like PHP can't start a shell interpreter (/bin/sh) to execute
>>>> the commands.
>>>>
>>>>> <Processor test>
>>>>>     User test
>>>>>     Group www
>>>>>     #Chroot /var/www/test
>>>>> </Processor>
>>>>>
>>>>> RESULT: string(33) "x:/usr/local/bin:/usr/bin:/bin:x " string(130) "bin
>>>>> boot cdrom dev emul etc home initrd.img lib lib64 lost+found media mnt
>>>>> opt proc root sbin selinux srv sys tmp usr var vmlinuz "
>>>>>
>>>>> JUST A TESTENV... :)
>>>>>
>>>>> jk_init -v -j /var/www/test basicshell editors extendedshell netutils ssh
>>>>> sftp scp
>>>>>
>>>>> r...@levana /> tree -L 2 /var/www/test
>>>>> /var/www/test
>>>>> |-- bin
>>>>> |   |-- bash
>>>>> |   |-- cat
>>>>> |   |-- chmod
>>>>> |   |-- cp
>>>>> |   |-- cpio
>>>>> |   |-- date
>>>>> |   |-- dd
>>>>> |   |-- echo
>>>>> |   |-- egrep
>>>>> |   |-- false
>>>>> |   |-- fgrep
>>>>> |   |-- grep
>>>>> |   |-- gunzip
>>>>> |   |-- gzip
>>>>> |   |-- ln
>>>>> |   |-- ls
>>>>> |   |-- mkdir
>>>>> |   |-- mktemp
>>>>> |   |-- more
>>>>> |   |-- mv
>>>>> |   |-- nano
>>>>> |   |-- pwd
>>>>> |   |-- rm
>>>>> |   |-- rmdir
>>>>> |   |-- sed
>>>>> |   |-- sh -> bash
>>>>> |   |-- sleep
>>>>> |   |-- sync
>>>>> |   |-- tar
>>>>> |   |-- touch
>>>>> |   |-- true
>>>>> |   |-- uncompress
>>>>> |   `-- zcat
>>>>> |-- dev
>>>>> |   |-- null
>>>>> |   |-- tty
>>>>> |   `-- urandom
>>>>> |-- etc
>>>>> |   |-- alternatives
>>>>> |   |-- bash.bashrc
>>>>> |   |-- group
>>>>> |   |-- host.conf
>>>>> |   |-- hosts
>>>>> |   |-- issue
>>>>> |   |-- ld.so.cache
>>>>> |   |-- ld.so.conf
>>>>> |   |-- motd -> /var/run/motd
>>>>> |   |-- nsswitch.conf
>>>>> |   |-- passwd
>>>>> |   |-- profile
>>>>> |   |-- protocols
>>>>> |   |-- resolv.conf
>>>>> |   |-- services
>>>>> |   |-- terminfo
>>>>> |   `-- vim
>>>>> |-- lib
>>>>> |   |-- libacl.so.1 -> libacl.so.1.1.0
>>>>> |   |-- libacl.so.1.1.0
>>>>> |   |-- libattr.so.1 -> libattr.so.1.1.0
>>>>> |   |-- libattr.so.1.1.0
>>>>> |   |-- libc-2.7.so
>>>>> |   |-- libc.so.6 -> libc-2.7.so
>>>>> |   |-- libcom_err.so.2 -> libcom_err.so.2.1
>>>>> |   |-- libcom_err.so.2.1
>>>>> |   |-- libcrypt-2.7.so
>>>>> |   |-- libcrypt.so.1 -> libcrypt-2.7.so
>>>>> |   |-- libdl-2.7.so
>>>>> |   |-- libdl.so.2 -> libdl-2.7.so
>>>>> |   |-- libkeyutils-1.2.so
>>>>> |   |-- libkeyutils.so.1 -> libkeyutils-1.2.so
>>>>> |   |-- libm-2.7.so
>>>>> |   |-- libm.so.6 -> libm-2.7.so
>>>>> |   |-- libncurses.so.5 -> libncurses.so.5.7
>>>>> |   |-- libncurses.so.5.7
>>>>> |   |-- libncursesw.so.5 -> libncursesw.so.5.7
>>>>> |   |-- libncursesw.so.5.7
>>>>> |   |-- libnsl-2.7.so
>>>>> |   |-- libnsl.so.1 -> libnsl-2.7.so
>>>>> |   |-- libnss_compat-2.7.so
>>>>> |   |-- libnss_compat.so.2 -> libnss_compat-2.7.so
>>>>> |   |-- libnss_dns-2.7.so
>>>>> |   |-- libnss_dns.so.2 -> libnss_dns-2.7.so
>>>>> |   |-- libnss_files-2.7.so
>>>>> |   |-- libnss_files.so.2 -> libnss_files-2.7.so
>>>>> |   |-- libnss_hesiod-2.7.so
>>>>> |   |-- libnss_hesiod.so.2 -> libnss_hesiod-2.7.so
>>>>> |   |-- libnss_nis-2.7.so
>>>>> |   |-- libnss_nis.so.2 -> libnss_nis-2.7.so
>>>>> |   |-- libnss_nisplus-2.7.so
>>>>> |   |-- libnss_nisplus.so.2 -> libnss_nisplus-2.7.so
>>>>> |   |-- libpthread-2.7.so
>>>>> |   |-- libpthread.so.0 -> libpthread-2.7.so
>>>>> |   |-- libresolv-2.7.so
>>>>> |   |-- libresolv.so.2 -> libresolv-2.7.so
>>>>> |   |-- librt-2.7.so
>>>>> |   |-- librt.so.1 -> librt-2.7.so
>>>>> |   |-- libselinux.so.1
>>>>> |   |-- libutil-2.7.so
>>>>> |   |-- libutil.so.1 -> libutil-2.7.so
>>>>> |   `-- terminfo
>>>>> |-- lib64 -> /lib
>>>>> |-- tmp
>>>>> |-- usr
>>>>> |   |-- bin
>>>>> |   |-- lib
>>>>> |   `-- share
>>>>> `-- var
>>>>>     |-- run
>>>>>     `-- www
>>>>>
>>>> You seem to miss /var/www/test/libexec/ which contains the dynamic
>>>> linker (ld-elf.so.1).
>>>> What happens if you go into the chroot from your shell ?
>>>> # chroot /var/www/test /bin/sh
>>>>
>>>> I guess that won't work either.
>>>>
>>>>> any idea? how do you create your chroot/jail? do you not need tools like
>>>>> unzip or tar...?
>>>>>
>>>> It is weird that jailkit does not install the ld-elf.so.1; but that's
>>>> the best thing I can come up with.
>>>> You can try:
>>>> # cp -pr /libexec /var/www/test/libexec
>>>>
>>>> to copy it into the jail and retry your tests.
>>>>
>>>> -- Jille
>>>>
>>>>> On Fri, 09 Oct 2009 11:30:56 +0200, Jille Timmermans <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Stefan Klingner wrote:
>>>>>>
>>>>>>> hi @all,
>>>>>>>
>>>>>>> thanks for the answers.
>>>>>>>
>>>>>>> from phpinfo()...
>>>>>>>
>>>>>>> open_basedir = no value
>>>>>>> safe_mode = off
>>>>>>>
>>>>>>> result of passthru('echo $PATH'); -> NOTHING
>>>>>>>
>>>>>> It is very unlikely that this will give no result at all.
>>>>>> Please try:
>>>>>> <?php
>>>>>> ini_set('display_errors', 'On');
>>>>>> error_reporting(E_ALL);
>>>>>> $ret = shell_exec('echo x:$PATH:x');
>>>>>> var_dump($ret);
>>>>>> $ret = shell_exec('/bin/ls /');
>>>>>> var_dump($ret);
>>>>>> ?>
>>>>>>
>>>>>> By the way: Are you testing chroot inside jails ? That sounds oversecured
>>>>>> ;)
>>>>>> Is there any interest in peruser-jail support ? If so I will take a look
>>>>>> at it.
>>>>>>
>>>>>> -- Jille
>>>>>>
>>>>>>> how do you have created your jails? which tools do you used? have someone
>>>>>>> experience with jailkit. it looks like a really powerful tool and it is
>>>>>>> maintained very well.
>>>>>>>
>>>>>>> i used jailkit...
>>>>>>>
>>>>>>> jk_init -j /home/user basicshell
>>>>>>> jk_jailuser user
>>>>>>>
>>>>>>> please help me getting this stuff working because i want to write the
>>>>>>> chroot tutorial for peruser. :)
>>>>>>>
>>>>>>> On Thu, 08 Oct 2009 23:02:21 +0200, Leen Besselink
>>>>>>> <[email protected]>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Jille Timmermans wrote:
>>>>>>>>
>>>>>>>>> Stefan Klingner wrote:
>>>>>>>>>
>>>>>>>>>> i try to run a command like "ls /" from a php script inside a jail. the
>>>>>>>>>> jail was created with jailkit and contain the tool + all required
>>>>>>>>>> libraries. if i write exec("ls /"); in a php script, it returns nothing.
>>>>>>>>>> have someone an idea? possibly the processor do not have the path or do
>>>>>>>>>> not know how to find the executable?
>>>>>>>>>>
>>>>>>>>> Would you please try:
>>>>>>>>>
>>>>>>>>> passthru('echo $PATH'); // output should contain /bin; if not: the shell
>>>>>>>>> interpreter can not find 'ls'; and you have to specify it as '/bin/ls'.
>>>>>>>>> passthru('ls -l /bin/sh'); // might give info about executability
>>>>>>>>>
>>>>>>>>> And of course check whether safe-mode is off ;)
>>>>>>>>>
>>>>>>>> And possibly: open_basedir ?
>>>>>>>>
>>>>>>>>> -- Jille
>>>>>>>>> _______________________________________________
>>>>>>>>> Peruser mailing list
>>>>>>>>> [email protected]
>>>>>>>>> http://www.telana.com/mailman/listinfo/peruser
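
Added example, not part of the original thread or of peruser/jailkit: the "cannot run command `/bin/sh': No such file or directory" error above is what execve reports when the dynamic linker named in the binary's PT_INTERP header is missing from the jail, so this Python code reads that header and looks the linker up the way a chrooted process would, including the jail's absolute `lib64 -> /lib` symlink. The function names and the constructed ELF stub are assumptions made for illustration, and only 64-bit little-endian ELF (as on the thread's amd64 host) is parsed.

```python
import os, struct, tempfile

def elf_interp(path):
    """PT_INTERP (dynamic linker path) of a 64-bit little-endian ELF, else None."""
    with open(path, "rb") as f:
        data = f.read()
    if len(data) < 64 or data[:6] != b"\x7fELF\x02\x01":
        return None
    # fields from 0x20: e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum
    phoff, _, _, _, phentsize, phnum = struct.unpack_from("<QQIHHH", data, 0x20)
    for ph in (phoff + i * phentsize for i in range(phnum)):
        p_type, _, off, _, _, size = struct.unpack_from("<IIQQQQ", data, ph)
        if p_type == 3:  # PT_INTERP
            return data[off:off + size].rstrip(b"\0").decode()
    return None

def resolve_in_root(root, path, hops=40):
    """Resolve path as a process chrooted to root would, symlinks included."""
    todo, done = [p for p in path.split("/") if p][::-1], []
    while todo:
        part = todo.pop()
        if part in (".", ".."):
            done = done[:-1] if part == ".." else done  # ".." stops at the jail root
        elif os.path.islink(os.path.join(root, *done, part)) and hops > 0:
            hops -= 1
            target = os.readlink(os.path.join(root, *done, part))
            done = [] if target.startswith("/") else done  # absolute link: jail root
            todo += [p for p in target.split("/") if p][::-1]
        else:
            done.append(part)
    return os.path.join(root, *done)

def check_chroot_binary(root, binary):
    """Return (interpreter, present_in_jail); interpreter None means nothing to load."""
    interp = elf_interp(resolve_in_root(root, binary))
    return interp, interp is not None and os.path.isfile(resolve_in_root(root, interp))

def demo():
    """Constructed jail shaped like the thread's: bin/bash, sh -> bash, lib64 -> /lib."""
    root = tempfile.mkdtemp()
    os.mkdir(root + "/bin")
    os.mkdir(root + "/lib")
    os.symlink("bash", root + "/bin/sh")
    os.symlink("/lib", root + "/lib64")
    with open(root + "/bin/bash", "wb") as f:  # constructed stub: ELF header + PT_INTERP
        f.write(struct.pack("<16sHHI3QI6H", b"\x7fELF\x02\x01\x01", 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0))
        f.write(struct.pack("<II6Q", 3, 4, 120, 0, 0, 28, 28, 1) + b"/lib64/ld-linux-x86-64.so.2\0")
    before = check_chroot_binary(root, "/bin/sh")
    open(root + "/lib/ld-linux-x86-64.so.2", "wb").close()  # stand-in for copying the linker
    return before, check_chroot_binary(root, "/bin/sh")
```

A plain os.path.exists(root + interp) run from outside the jail would follow `lib64 -> /lib` to the host's /lib and can report the linker as present when the jail lacks it, which is why the lookup is done component by component against the jail root.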
