[ale] Doing a chroot in Perl
Christopher Fowler
cfowler at outpostsentinel.com
Tue Aug 29 12:35:31 EDT 2006
I doing something wrong in my test program. This program takes an
argument and executes it in a chroot environment. If not argument is
given it will simply execute the shell instead.
This is part of my script execution that I asked about a week or so ago.
I am now going to extract the script from the database and place it in a
chroot environment. I will then execute it from there. I'm using this
test program before I integrate it into the main code.
--- [ Cut Here ]-------------------------------------
#!/usr/bin/perl
use POSIX qw/setuid setgid/;
use strict;
# Globals
my $root = "/opt/SAM/ScriptExecRoot";
sub main {
# Verify if proc is mounted
# if not mount it for the user
if(! -d "$root/proc/1") {
system "mount -o bind /proc $root/proc";
}
# Setup default language
# This root does not support locale
# and perl needs this
$ENV{'LANG'} = "C";
$ENV{'PATH'} = "$ENV{'PATH'}:/sbin:/usr/sbin";
# Change our root and
# set our uid
chroot $root;
my ($name,$pass,$uid,$gid,undef,undef,undef,$dir) = getpwnam("tomcat")
or die;
setgid $uid;
setuid $uid;
chdir $dir;
# No argument? Just exec a shell
if($#ARGV == -1 ) {
exec "/bin/sh"
or die "exec $!\n";
}
exec "/bin/sh", ("-c", @ARGV)
or die "exec $!\n";
}
exit main;
--- [ Cut Here ]-------------------------------------
The problem is that I'm able to do stuff I should not be able to.
Here is output
--- [ Cut Here ]-------------------------------------
[root at sam-demo ScriptExecRoot]# bin/exec.pl
BusyBox v1.2.1 (2006.08.26-21:30+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
$ ps > /
$ ls -l /out
-rw-r--r-- 1 500 500 6998 Aug 26 23:42 /out
$
[root at sam-demo ScriptExecRoot]# ls -l
total 276
drwxrwxr-x 2 root root 4096 Aug 26 19:42 bin
drwxr-xr-x 23 root root 233472 Aug 26 18:25 dev
drwxr-xr-x 2 root root 4096 Aug 26 19:28 etc
drwxr-xr-x 3 root root 4096 Aug 26 18:20 home
dr-xr-xr-x 2 root root 4096 Aug 26 19:29 lib
drwxr-xr-x 3 root root 4096 Aug 26 17:58 opt
-rw-r--r-- 1 tomcat tomcat 6998 Aug 26 19:42 out
dr-xr-xr-x 209 root root 0 Apr 18 05:32 proc
drwxr-xr-x 2 root root 4096 Aug 26 18:21 root
drwxrwxr-x 2 root root 4096 Aug 26 17:31 sbin
drwxrwxrwt 2 root root 4096 Aug 26 19:42 tmp
drwxrwxr-x 3 root root 4096 Aug 26 17:29 usr
--- [ Cut Here ]-------------------------------------
As you can see /out is owned by tomcat.tomcat but why was he able to
place anything in /out? Probably something simple I'm not seeing or
forgot to do.
Thanks,
Chris
More information about the Ale
mailing list