jailkit-dev

Re: [Jailkit-dev] Patch for displaying cwd on shell execution


From: Olivier Sessink
Subject: Re: [Jailkit-dev] Patch for displaying cwd on shell execution
Date: Tue, 12 Jun 2007 09:08:08 +0200
User-agent: Icedove 1.5.0.10 (X11/20070329)

Brian Shire wrote:

> Right sorry, I meant Apache virtual hosts. We run multiple domains under a single server; this means we could have several individuals running code in different directories which all show up with the same user id in the logs.

so you have a single user in the jk_lsh config file that has access to a long list of commands, each command for a different client?

hmm I see what the problem is.

> Was also thinking of adding a way to determine more precisely the actual script/executing code name, but not sure if I'll have a generic way to do this that could be acceptable for a public project.

when to determine this? in the logging? and how much more precise do you need it? (can you give an example?)

> It's just an idea at this point, but we were thinking of using an environment variable that would be set by Apache (not the most ideal as this isn't terribly generic). This variable would contain a script name (let's say PHP for example) or any other information you want really, domain, etc. The jailkit sh could then include this in its log output.

what about logging the complete command line? would that help? You can have Apache add something to the command line?

> This is mostly useful when we are having trouble tracking down a vulnerability quickly. Rather than just knowing the directory path (from the above patch), we'd know the exact script or URL that was called to cause the shell exec. The ultimate would be to have the script/filename that called the shell exec, but I don't see a way to easily implement this for multiple languages.

so you actually want to log the parent application? Hmm I've no idea how to find out which process the parent is, but I guess it should be possible..

regards,
        Olivier
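To make the logging discussed in this thread concrete, here is an added example that is not jailkit's own code: a small C helper in the spirit of jk_lsh that records the working directory, the complete command line and, on Linux, the parent process id and the executable behind it (read from /proc, which is one answer to the "which process is the parent" question). The function names, the log-line layout and the argv sample are assumptions for illustration.

```c
/* Hypothetical audit-logging helper for a jail shell (not jailkit's code).
 * Before executing a command, build one log line carrying: the caller's uid,
 * the current working directory, the parent pid, the parent's executable path
 * and the full command line, so a log entry can be traced back to the
 * application (e.g. a web server) that spawned the shell. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Resolve /proc/<pid>/exe to the executable path of process `pid`.
 * Returns bytes written to `buf`, or -1 when /proc is unavailable. */
ssize_t parent_exe_path(pid_t pid, char *buf, size_t buflen) {
    char link[64];
    snprintf(link, sizeof link, "/proc/%d/exe", (int)pid);
    ssize_t n = readlink(link, buf, buflen - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return n;
}

/* Join argv into one space-separated string so the log shows the complete
 * command line, not only argv[0]. Truncates safely; returns length written. */
size_t join_argv(int argc, char *const argv[], char *out, size_t outlen) {
    size_t used = 0;
    out[0] = '\0';
    for (int i = 0; i < argc; i++) {
        int n = snprintf(out + used, outlen - used, "%s%s", i ? " " : "", argv[i]);
        if (n < 0) break;
        used += (size_t)n;
        if (used >= outlen) { used = outlen - 1; break; }  /* truncated */
    }
    return used;
}

/* Build "uid=<uid> cwd=<dir> ppid=<pid> parent=<exe> cmd=<argv...>".
 * Returns the length of the line (snprintf semantics). */
int build_audit_line(int argc, char *const argv[], char *line, size_t linelen) {
    char cwd[4096], cmd[4096], pexe[4096];
    if (!getcwd(cwd, sizeof cwd)) strcpy(cwd, "?");
    join_argv(argc, argv, cmd, sizeof cmd);
    if (parent_exe_path(getppid(), pexe, sizeof pexe) < 0) strcpy(pexe, "?");
    return snprintf(line, linelen, "uid=%d cwd=%s ppid=%d parent=%s cmd=%s",
                    (int)getuid(), cwd, (int)getppid(), pexe, cmd);
}

int main(int argc, char *argv[]) {  /* stand-alone demo: log our own argv */
    char line[16384];
    build_audit_line(argc, argv, line, sizeof line);
    puts(line);
    return 0;
}
```

In a real jail shell the line would go to syslog rather than stdout, and the parent's path is only as trustworthy as the process that spawned the shell.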
