jailkit-dev

Re: [Jailkit-dev] Patch for displaying cwd on shell execution


From: Brian Shire
Subject: Re: [Jailkit-dev] Patch for displaying cwd on shell execution
Date: Mon, 11 Jun 2007 09:57:46 -0700


On Jun 9, 2007, at 1:24 AM, Olivier Sessink wrote:

Brian Shire wrote:
On Jun 9, 2007, at 12:33 AM, Olivier Sessink wrote:
Brian Shire wrote:
Hello,
I currently use the following patch for my host, and thought others might find it useful. This adds the current working directory to the error log when an invalid shell command is issued: http://tekrat.com/gitweb_public/gitweb.cgi?p=jailkit;a=commitdiff;h=532740c72b78a9bc4101ef87817eaa3798dae194

I have no objections against this patch, but can you describe how this helps you?
We run a server with multiple virtual directories, so the error itself isn't useful unless we know which path to look under and thus narrow our search for vulnerable code or other problems. Let me know if there are other ways to do this or if it doesn't make sense.

What do you mean with 'virtual directory'? Are those multiple jails?

I normally just look at the UID, and from the UID I see which jail the user is in, so the jk_lsh.ini to look for must be the one in that specific jail.


Right, sorry, I meant Apache virtual hosts. We run multiple domains under a single server; this means we could have several individuals running code in different directories which all show up with the same user id in the logs.


Was also thinking of adding a way to determine more precisely the actual script/executing code name, but not sure if I'll have a generic way to do this that could be acceptable for a public project.

When to determine this? In the logging? And how much more precise do you need it? (Can you give an example?)

It's just an idea at this point, but we were thinking of using an environment variable that would be set by Apache (not the most ideal as this isn't terribly generic). This variable would contain a script name (let's say PHP for example) or any other information you want really, domain, etc. The jailkit sh could then include this in its log output.

This is mostly useful when we are having trouble tracking down a vulnerability quickly. Rather than just knowing the directory path (from the above patch), we'd know the exact script or URL that was called to cause the shell exec. The ultimate would be to have the script/filename that called the shell exec, but I don't see a way to easily implement this for multiple languages.
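The logging idea discussed in this message, as an added example that is not part of the original post, the linked patch, or jailkit's code: a rejected-command log line that carries the uid, the current working directory, and a context value from an environment variable. The variable name `JK_REQUEST_CONTEXT`, the helper names and the log format are assumptions made for illustration; because the context value is derived from the web request, it is length-capped and stripped of control characters before it reaches the log.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical variable name; not defined by jailkit or Apache. */
#define CTX_ENV "JK_REQUEST_CONTEXT"
#define CTX_MAX 128

/* Copy src into dst, replacing control bytes, non-ASCII bytes, '"' and '\\'
 * with '?', so a request-controlled value cannot split or forge log lines. */
size_t sanitize_field(char *dst, size_t dstlen, const char *src)
{
    size_t i = 0;
    if (dstlen == 0) return 0;
    for (; src && src[i] && i + 1 < dstlen; i++) {
        unsigned char c = (unsigned char)src[i];
        dst[i] = (c < 0x20 || c > 0x7e || c == '"' || c == '\\') ? '?' : (char)c;
    }
    dst[i] = '\0';
    return i;
}

/* Build the log line for a rejected command: uid, cwd, context, command. */
int format_denied(char *out, size_t outlen, const char *command)
{
    char cwd[PATH_MAX], cwd_s[PATH_MAX], ctx_s[CTX_MAX], cmd_s[256];
    const char *ctx = getenv(CTX_ENV);

    if (getcwd(cwd, sizeof cwd) == NULL)
        strcpy(cwd, "(unknown)");      /* cwd may be deleted or unreadable */
    sanitize_field(cwd_s, sizeof cwd_s, cwd);
    sanitize_field(ctx_s, sizeof ctx_s, ctx ? ctx : "-");
    sanitize_field(cmd_s, sizeof cmd_s, command);
    return snprintf(out, outlen, "denied uid=%lu cwd=\"%s\" ctx=\"%s\" cmd=\"%s\"",
                    (unsigned long)getuid(), cwd_s, ctx_s, cmd_s);
}

int main(void)
{
    char line[2 * PATH_MAX];
    /* Constructed sample: a context value with an embedded newline. */
    setenv(CTX_ENV, "example.org /index.php\nfake entry", 1);
    format_denied(line, sizeof line, "uname -a");
    puts(line);
    return 0;
}
```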






