jailkit-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-dev] Patch for displaying cwd on shell execution


From: Olivier Sessink
Subject: Re: [Jailkit-dev] Patch for displaying cwd on shell execution
Date: Sat, 09 Jun 2007 10:24:31 +0200
User-agent: Icedove 1.5.0.10 (X11/20070329)

Brian Shire wrote:

On Jun 9, 2007, at 12:33 AM, Olivier Sessink wrote:

Brian Shire wrote:
Hello,
I currently use the following patch for my host, and thought others might find it useful. This adds the current working directory to the error log when an invalid shell command is issued: http://tekrat.com/gitweb_public/gitweb.cgi?p=jailkit;a=commitdiff;h=532740c72b78a9bc4101ef87817eaa3798dae194

I have no objections against this patch, but can you describe how this helps you?

We run a server with multiple virtual directories, so the error itself isn't useful unless we know which path to look under and thus narrow our search for vulnerable code or other problems. Let me know if there are other ways to do this or if it doesn't make sense.

what do you mean with 'virtual directory' ? are those multiple jails?

I normally just look at the UID, and from the UID I see which jail the user is in, so the jk_lsh.ini to look for must be the one in that specific jail.

Was also thinking of adding a way to determine more precisely the actual script/executing code name, but not sure if I'll have a generic way to do this that could be acceptable for a public project.

when to determine this? in the logging? and how much more precise do you need it? (can you give an example?)

regards,
        Olivier




reply via email to

[Prev in Thread] Current Thread [Next in Thread]