klaus@relay.eu.net (klaus u schallhorn) (10/27/90)
I just tripped over sun's dynamic linking when trying to do the following:
/etc/passwd entry:
badguy::15:14:test login to check out restrictions:/home/jail:/home/bin/lockup
In /home/bin/lockup I do:
pwentry = getpwuid(getuid());
badguy_home = pwentry->pw_dir;
cd(badguy_home);
chroot(badguy_home); /* can't access anything higher now! */
set_uid_and_gid();
change_environment();
execl("/bin/sh", "-sh", NULL);
As I can't access the real /bin anymore I made a dummy bin in /home/jail
containg a sh and a few things [like ls, rm, more...] "badguy" is allowed
to use.
All the system utilities that came with the distribution and that badguy
is allowed to use have been linked dynamically. The only thing that works
is the sh [staic loading, csh doesn't] and my own code loaded statically.
If I try to "ls" or any distribution program I get
crt0.o: no /usr/lib/ld.so
If I add a fake usr/lib and a fake etc and copy the dynamic linker and its
cache: no change. If I [as root] rm "ls" and make a link to the real one
[which I would not want to] badguy can't use that either: the shell can't
follow the link because of chroot(). I'm truly locked up, but not the way
I wanted.
I really need the iron bars here, but I don't want to write my own ls and
various other things to load them with the static flag.
I'm using SunOS 4.1, /home/jail and the real /bin etc. are on different
disks. In .profile I just set PATH to /bin, if badguy does a "set", it
reads:
HOME=/jail/badguy
IFS=
LOGNAME=badguy
MAILCHECK=600
OPTIND=1
PATH=/bin
PS1=$
PS2=>
SHELL=/bin/sh
TERM=dialup
USER=badguy
Any ideas out there?
Thanks, klaus
send two QIC24 tapes for my signaturechris@com50.c2s.mn.org (Chris Johnson) (11/21/90)
In article <1990Oct26.221430.18602@rice.edu> cnix!klaus@relay.eu.net (klaus u schallhorn) writes: >I just tripped over sun's dynamic linking when trying to do the following: > >All the system utilities that came with the distribution and that badguy >is allowed to use have been linked dynamically. The only thing that works >is the sh [staic loading, csh doesn't] and my own code loaded statically. >If I try to "ls" or any distribution program I get > > crt0.o: no /usr/lib/ld.so This is just a wild idea from experiences trying to kludge (rhymes with rouge, you non-programmers-you) together a system installation that went awry. But maybe the problem you are having is because Mr. badguy can no longer find the libraries to link to them. Maybe that's so obvious you didn't ask about it having already checked it, or maybe you overlooked it. For a dynamically linked program to load, it's going to need all the parts, the loader/linker and the libraries. If someone else hasn't already used the library to get it into cache, maybe this is what results. Sorry if this shot from the hip is wrong. Hope someone who's an expert in this will come along and straighten us both out, if so. ...Chris Johnson chris@c2s.mn.org ..uunet!bungia!com50!chris Com Squared Systems, Inc. St. Paul, MN USA +1 612 452 9522