I'm working on a webserver in UNIX environment with C language. Currently, I have done jailing the process but now I cannot use syslog and logging to a file option and that's basically due to the changed root path.
New root path for the program is it's directory. I could not escape from it to real root "/" in order to use these functions and go back to jail root path again.
Are there any other alternatives or solutions to this?
The whole point of using chroot() is to make the real root inaccessible, so easy formula: If you can break it, you don't need it.
So, you should make syslog accessible from within your chroot environment instead. How? Just openlog() prior to chroot(). After that, you can syslog() even though you wouldn't be able to openlog() it anymore.
If your root is the working directory, don't use chroot, and remove the '/' at the beggining of all the relative path you use, or add '.' before this '/'.
Use chroot only if you want to fully work as if it was your system root.
If both env are on the same file system, you can use hard links so that under the chroot'ed env you see files "outside". It may not be so easy to configure everything to work, but it is possible. Change your viewpoint: don't try to escape from chroot, try to include things into.
Related
I have clone a git repository in C:/Repo. I am trying to open a file which lies in the git at some location ,for example, git/program/slm/error.txt. I am using fopen() API in C language to open the file and the filepath I am specifying is "C:/Repo/git/program/slm/error.txt". The program seems to be working while providing the above mentioned path. But,I want to make this program generic so that it can work on other systems as well as in other systems it is not necessary that the git will be cloned in C:/Repo only,this is local to my system. git/program/slm/error.txt is the relative path and will be common for all the system.
Can anyone please help me how what filepathname should I provide to make it generic so that it works on all the systems?
Take your repository path as commandline argument and then when you want to access the file append the repository path and the relative path that you want to access.
I have this line code in my file .pl
system("./read_image http://echopaw.fr/wp-content/uploads/2015/09/animals-41.jpg");
read_image is a C executable file, it works well in command line, but when I run my .pl file in web server, this line didn't work, its function is to write some data into a file, so I can see if it works
I also tried `` , but it still didn't work
anyone gets some ideas?
I think it's because when your webserver runs your CGI then it does so from some wierd directory (/var/www/htdocs or / or whatever). Then your read_image is also expected to be in that directory because of the ./read_image.
./ means current directory, which is not necessarily the directory where your .cgi is located.
I'd suggest using the Perl module FindBin:
your cgi:
...
use strict;
use warnings;
use FindBin;
...
system("$FindBin::Bin/read_image http://echopaw.fr/wp-content/uploads/2015/09/animals-41.jpg");
$FindBin::Bin resolves to the path where your .cgi is located -- no matter where you call it from. It's a quite handy module and can also be used to pimp the #INC path to find your own modules:
use lib "$FindBin::Bin/../lib";
use MyModule;
This way MyModule.pm is expected to be in $current_script_path/../lib. Very convenient.
Addendum
As the discussion evolves this is apparently not only a problem of whether apache can or cannot find the read_image command but also of whether read_image in turn can find the wget command which it tries to execute.
As #CDahn already noted in a comment apache runs CGI scripts and the like with a limited environment for security reasons. If you run read_image from your shell, then you have a fully working environment with, say, PATH including 15 different directories (like /usr/bin:/opt/bin:/usr/share/bin:/usr/local/bin:..., whatever). When apache runs your scripts, PATH may only contain 2 or 3 directories that are absolutely necessary, e.g. /usr/bin:/usr/local/bin. The same applies to other environment variables.
You can verify this with a little .cgi script that simply echoes the current environment, like
while (my ($key,$value) = each %ENV) {
print "$key=$value\n";
}
(Taken from http://perldoc.perl.org/functions/each.html)
Call this .cgi from your browser and you'll see the difference.
When your read_image cannot find the wget command then probably because wget is located in a PATH apache doesn't know of. Instead of teaching apache about the additional directory (bad idea), I would give the full path to wget command in your read_image program. From your terminal window run
$ which wget
/usr/bin/wget
and use that very path when calling wget from your read_image.
I'm writing a fuse file system that mount one directory to itself. I want to log some calls (flush for example). I've started to adapt fuse tutorial sample code. If I try to bind any directory it works great:
./bbfs -o nonempty ./test ./test
but if I try to bind particular root directory ("/"):
sudo ./bbfs -o nonempty / /
no one line is in logfile.
Is it possible?
My mangled version of sample program. I've changed only bbfs.c file.
You can't mount a FUSE filesystem (or any other type of filesystem, for that matter) at /, because your root filesystem is already there.
Doing so would be disastrous anyway, as mounting a filesystem at a path makes any files which previously existed under that path inaccessible. You can't use FUSE as a filter like this -- you will need to find another solution to whatever it is you're trying to do.
I'm trying to get bake working on my subdomain which is under shared hosting.
Is there a way we can get this working? I know how to connect to server via ssh shell but then what do I do after that?
First cd to the directory where the cake script is. On a Linux webserver, this would probably be something like ~/cake/console/, if you've put the CakePHP libs outside your web-accessible directories. If you've put everything into your web directory you'll probably have to go somewhere like ~/www/cake/console/.
Then simply type ./cake bake and take it from there.
You shouldn't have to do anything with environment variables. This is only necessary if you want to be able to run the cake console from any directory. I find it less of a hassle to just cd into the cake console's directory and run it using ./cake.
same as local machine cd <path_to_console> cake
if you do not know path_to_console ask for host support,
also path_to_console may be in environment path then just use cake in all dirs
I'm making a filesystem using FUSE, and know I have a doubt. When I use the "cd" command in the new filesystem, it changes to directories that doesn't exist.
For example, if the directory "m" doesn't exist, and I make a "cd m" it changes to that directory.
Which is the function that FUSE calls when the directory is changed? Why is the app doing the problem I describe?
Thanks!
Are you implementing getattr? and if so, are you making sure to return -ENOENT if the path they give you doesn't correspond to a file or directory in your system?