[ale] Doing a chroot in Perl
Christopher Fowler
cfowler at outpostsentinel.com
Wed Aug 30 08:05:02 EDT 2006
This is kinda strange. On this same example I'm now outside of my
chroot jail and I can not delete a file that is owned by me
I created that file in the jail. I've not figured out why I was able to
do that. Since the '/' of the jail is owned by root.
[tomcat at sam-demo ScriptExecRoot]$ whoami
tomcat
[tomcat at sam-demo ScriptExecRoot]$ ls -l
total 276
drwxrwxr-x 2 root root 4096 Aug 30 07:58 bin
drwxr-xr-x 23 root root 233472 Aug 26 18:25 dev
drwxr-xr-x 2 root root 4096 Aug 30 08:02 etc
drwxr-xr-x 3 root root 4096 Aug 26 18:20 home
dr-xr-xr-x 2 root root 4096 Aug 26 20:02 lib
drwxr-xr-x 6 root root 4096 Aug 27 14:54 opt
-rw-r--r-- 1 tomcat tomcat 6689 Aug 30 08:02 out.txt
dr-xr-xr-x 202 root root 0 Apr 18 05:32 proc
drwxr-xr-x 2 root root 4096 Aug 26 18:21 root
drwxrwxr-x 2 root root 4096 Aug 26 17:31 sbin
drwxrwxrwt 2 root root 4096 Aug 28 15:41 tmp
drwxrwxr-x 4 root root 4096 Aug 30 07:59 usr
I'm outside the jail as user tomcat and I try to delete the file I
created inside the jail as tomcat. I can't do it.
[tomcat at sam-demo ScriptExecRoot]$ rm out.txt
rm: cannot remove `out.txt': Permission denied
On Tue, 2006-08-29 at 12:35 -0400, Christopher Fowler wrote:
> I doing something wrong in my test program. This program takes an
> argument and executes it in a chroot environment. If not argument is
> given it will simply execute the shell instead.
>
> This is part of my script execution that I asked about a week or so ago.
> I am now going to extract the script from the database and place it in a
> chroot environment. I will then execute it from there. I'm using this
> test program before I integrate it into the main code.
>
> --- [ Cut Here ]-------------------------------------
> #!/usr/bin/perl
>
> use POSIX qw/setuid setgid/;
> use strict;
>
> # Globals
> my $root = "/opt/SAM/ScriptExecRoot";
>
> sub main {
>
> # Verify if proc is mounted
> # if not mount it for the user
> if(! -d "$root/proc/1") {
> system "mount -o bind /proc $root/proc";
> }
>
>
> # Setup default language
> # This root does not support locale
> # and perl needs this
> $ENV{'LANG'} = "C";
> $ENV{'PATH'} = "$ENV{'PATH'}:/sbin:/usr/sbin";
>
> # Change our root and
> # set our uid
> chroot $root;
>
> my ($name,$pass,$uid,$gid,undef,undef,undef,$dir) = getpwnam("tomcat")
> or die;
>
> setgid $uid;
> setuid $uid;
> chdir $dir;
>
> # No argument? Just exec a shell
> if($#ARGV == -1 ) {
> exec "/bin/sh"
> or die "exec $!\n";
> }
>
> exec "/bin/sh", ("-c", @ARGV)
> or die "exec $!\n";
> }
>
> exit main;
> --- [ Cut Here ]-------------------------------------
>
> The problem is that I'm able to do stuff I should not be able to.
>
> Here is output
>
> --- [ Cut Here ]-------------------------------------
> [root at sam-demo ScriptExecRoot]# bin/exec.pl
>
>
> BusyBox v1.2.1 (2006.08.26-21:30+0000) Built-in shell (ash)
> Enter 'help' for a list of built-in commands.
>
> $ ps > /
> $ ls -l /out
> -rw-r--r-- 1 500 500 6998 Aug 26 23:42 /out
> $
> [root at sam-demo ScriptExecRoot]# ls -l
> total 276
> drwxrwxr-x 2 root root 4096 Aug 26 19:42 bin
> drwxr-xr-x 23 root root 233472 Aug 26 18:25 dev
> drwxr-xr-x 2 root root 4096 Aug 26 19:28 etc
> drwxr-xr-x 3 root root 4096 Aug 26 18:20 home
> dr-xr-xr-x 2 root root 4096 Aug 26 19:29 lib
> drwxr-xr-x 3 root root 4096 Aug 26 17:58 opt
> -rw-r--r-- 1 tomcat tomcat 6998 Aug 26 19:42 out
> dr-xr-xr-x 209 root root 0 Apr 18 05:32 proc
> drwxr-xr-x 2 root root 4096 Aug 26 18:21 root
> drwxrwxr-x 2 root root 4096 Aug 26 17:31 sbin
> drwxrwxrwt 2 root root 4096 Aug 26 19:42 tmp
> drwxrwxr-x 3 root root 4096 Aug 26 17:29 usr
> --- [ Cut Here ]-------------------------------------
>
> As you can see /out is owned by tomcat.tomcat but why was he able to
> place anything in /out? Probably something simple I'm not seeing or
> forgot to do.
>
> Thanks,
> Chris
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
More information about the Ale
mailing list