From: Seebs on
On 2010-04-16 05:37:44 -0500, blacklight said:
> (Oh, and of course I execute this program as root, lol).

Then chroot isn't buying you anything. :)

-s
--
Copyright 2010, all wrongs reversed. Peter Seebach / usenet-nospam(a)seebs.net
http://www.seebs.net/log/ <-- lawsuits, religion, and funny pictures
http://en.wikipedia.org/wiki/Fair_Game_(Scientology) <-- get educated!

From: Moi on
On Fri, 16 Apr 2010 10:37:44 +0000, blacklight wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Well I've also tried by using pipe()+fork()+exec() routing to get around
> the issue, but it doesn't work this way too.
>
> Again, this is the tree where I'm going to chroot:
>
> + /p
> |--> /p/popen
> |--> /p/test
>
> The source code of test in this case is very simple, a simple and stupid
> printf, so it relies on no external library. This is the new code of
> popen.c:
>

printf is in stdlib, which (by default) is linked dynamically in linux.

You need to explicitly link statically (-static on the GCC command line).
Then it worked for me.


>
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
> #include <sys/wait.h>
>
> typedef int pipe_t[2];
>
> int
> main ( int argc, char *argv[] )
> {
> pipe_t pp;
> char ch;
>
> if (chroot(".") < 0)
> return EXIT_FAILURE;
>
> if (pipe(pp) < 0)
> return EXIT_FAILURE;
>
> if (!fork()) {
> close(pp[0]);
> close(1);
> dup(pp[1]);
>

Normally you should also do a set[e]uid() and maybe set[e]gid() here.

> execl ("/test", "test", NULL);

You could check errno here.

> close(pp[1]);

The close should go before the exec (you already dup'd the fd, and
in the successful code path this statement is not reached anyway).

> exit(0);

This should be exit(EXIT_FAILURE), since execl() only returns in case of error.

> } else {
> close(pp[1]);
>
> while (read(pp[0], &ch, 1) > 0)
> write (1, &ch, 1);
> write (1, "\n", 1);
>
> close(pp[0]);
> wait ((int*) 0);
> }
>
> return EXIT_SUCCESS;
> }
>
> This behaviour is really weird and I can find no explanation for that.
> Anyway, I cannot avoid the chroot() jail. I'm working to improve a tiny
> webserver coded by a friend in order to let it work with CGI
> apps/scripts, and it strongly relies on chroot() system call.
>
> (Oh, and of course I execute this program as root, lol).

Yes, you should. But don't forget to lose root before exec().

HTH,
AvK
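As an added example (not code from blacklight or from this thread), here is the pipe()+fork()+exec() launcher rewritten with the corrections discussed above folded in: the write end is closed before the exec rather than after, execv() failure reports errno and exits non-zero, chroot() is followed by chdir("/"), and the child drops root (setgid, setgroups, setuid, then a check that it cannot get it back) before exec, so the jail actually buys something. The jail directory, the program path and the uid/gid are assumptions supplied on the command line; the program inside the jail still has to be statically linked (gcc -static) or shipped with its shared libraries, as Moi notes. Passing NULL for the jail and (uid_t)-1 for the uid skips those two steps, which is how the plumbing can be checked without root.

```c
/* Added example: chroot + drop privileges + pipe/fork/exec with output capture.
 * Not from the original thread. Jail path, program and uid/gid are assumptions
 * passed on the command line; the child program must be statically linked. */
#define _GNU_SOURCE 1          /* declares chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run `prog` (a path valid *inside* the jail) with `argv`, after chroot(jail)
 * and after dropping to uid/gid, and capture its stdout into buf.
 * jail == NULL skips the chroot; uid == (uid_t)-1 skips the privilege drop.
 * Returns the child's exit status (0..255), or -1 on a setup failure. */
int run_jailed(const char *jail, const char *prog, char *const argv[],
               uid_t uid, gid_t gid, char *buf, size_t buflen)
{
    int pp[2];
    if (buflen == 0 || pipe(pp) < 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(pp[0]);
        close(pp[1]);
        return -1;
    }

    if (pid == 0) {                          /* ---- child ---- */
        close(pp[0]);
        if (dup2(pp[1], STDOUT_FILENO) < 0)
            _exit(EXIT_FAILURE);
        close(pp[1]);       /* fd already duplicated: close before exec, not after */

        if (jail != NULL) {
            /* chdir("/") after chroot, otherwise the cwd still points outside */
            if (chroot(jail) < 0 || chdir("/") < 0)
                _exit(EXIT_FAILURE);
        }
        if (uid != (uid_t)-1) {
            /* gid and supplementary groups first, while we are still root */
            if (setgid(gid) < 0 || setgroups(0, NULL) < 0 || setuid(uid) < 0)
                _exit(EXIT_FAILURE);
            /* the drop must be irreversible: regaining root has to fail */
            if (setuid(0) == 0)
                _exit(EXIT_FAILURE);
        }

        execv(prog, argv);
        /* only reached when execv() failed: report errno, exit non-zero */
        fprintf(stderr, "execv(%s): %s\n", prog, strerror(errno));
        _exit(EXIT_FAILURE);
    }

    /* ---- parent ---- */
    close(pp[1]);
    char scratch[256];
    size_t used = 0;
    ssize_t n;
    /* drain the whole pipe (even past buflen) so the child never blocks */
    while ((n = read(pp[0], scratch, sizeof scratch)) > 0) {
        size_t room = buflen - 1 - used;
        size_t take = (size_t)n < room ? (size_t)n : room;
        memcpy(buf + used, scratch, take);
        used += take;
    }
    buf[used] = '\0';
    close(pp[0]);

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char *argv[])
{
    /* Usage (as root): ./jail /p /test 65534 65534
     * where /p holds a statically linked /p/test (constructed example values). */
    if (argc != 5) {
        fprintf(stderr, "usage: %s JAIL PROG UID GID\n", argv[0]);
        return EXIT_FAILURE;
    }
    char *const child_argv[] = { argv[2], NULL };
    char out[4096];
    int rc = run_jailed(argv[1], argv[2], child_argv,
                        (uid_t)strtoul(argv[3], NULL, 10),
                        (gid_t)strtoul(argv[4], NULL, 10), out, sizeof out);
    printf("child exited %d, output:\n%s", rc, out);
    return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The order in the child is the important part: dup the pipe and close the spare descriptor, then chroot, then give up root, then exec. Doing chroot() after setuid() fails (it needs root), and exec'ing while still root leaves the jail as decorative as Seebs says.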
From: Moi on
On Sat, 17 Apr 2010 13:44:11 +0200, Moi wrote:

> On Fri, 16 Apr 2010 10:37:44 +0000, blacklight wrote:
>
>
>>
> printf is in stdlib, which (by default) is linked dynamically in linux.

Ooops. I meant libc, of course.

> You need to explicitly link statically ( -static on the GCC command
> line). Then it worked for me.
>

> HTH,
> AvK