klaus@relay.eu.net (klaus u schallhorn) (10/27/90)
I just tripped over sun's dynamic linking when trying to do the following: /etc/passwd entry: badguy::15:14:test login to check out restrictions:/home/jail:/home/bin/lockup In /home/bin/lockup I do: pwentry = getpwuid(getuid()); badguy_home = pwentry->pw_dir; cd(badguy_home); chroot(badguy_home); /* can't access anything higher now! */ set_uid_and_gid(); change_environment(); execl("/bin/sh", "-sh", NULL); As I can't access the real /bin anymore I made a dummy bin in /home/jail containg a sh and a few things [like ls, rm, more...] "badguy" is allowed to use. All the system utilities that came with the distribution and that badguy is allowed to use have been linked dynamically. The only thing that works is the sh [staic loading, csh doesn't] and my own code loaded statically. If I try to "ls" or any distribution program I get crt0.o: no /usr/lib/ld.so If I add a fake usr/lib and a fake etc and copy the dynamic linker and its cache: no change. If I [as root] rm "ls" and make a link to the real one [which I would not want to] badguy can't use that either: the shell can't follow the link because of chroot(). I'm truly locked up, but not the way I wanted. I really need the iron bars here, but I don't want to write my own ls and various other things to load them with the static flag. I'm using SunOS 4.1, /home/jail and the real /bin etc. are on different disks. In .profile I just set PATH to /bin, if badguy does a "set", it reads: HOME=/jail/badguy IFS= LOGNAME=badguy MAILCHECK=600 OPTIND=1 PATH=/bin PS1=$ PS2=> SHELL=/bin/sh TERM=dialup USER=badguy Any ideas out there? Thanks, klaus send two QIC24 tapes for my signature
chris@com50.c2s.mn.org (Chris Johnson) (11/21/90)
In article <1990Oct26.221430.18602@rice.edu> cnix!klaus@relay.eu.net (klaus u schallhorn) writes: >I just tripped over sun's dynamic linking when trying to do the following: > >All the system utilities that came with the distribution and that badguy >is allowed to use have been linked dynamically. The only thing that works >is the sh [staic loading, csh doesn't] and my own code loaded statically. >If I try to "ls" or any distribution program I get > > crt0.o: no /usr/lib/ld.so This is just a wild idea from experiences trying to kludge (rhymes with rouge, you non-programmers-you) together a system installation that went awry. But maybe the problem you are having is because Mr. badguy can no longer find the libraries to link to them. Maybe that's so obvious you didn't ask about it having already checked it, or maybe you overlooked it. For a dynamically linked program to load, it's going to need all the parts, the loader/linker and the libraries. If someone else hasn't already used the library to get it into cache, maybe this is what results. Sorry if this shot from the hip is wrong. Hope someone who's an expert in this will come along and straighten us both out, if so. ...Chris Johnson chris@c2s.mn.org ..uunet!bungia!com50!chris Com Squared Systems, Inc. St. Paul, MN USA +1 612 452 9522