jailkit-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] jk_lsh: problem with single quotes / requested execu

From: Olivier Sessink
Subject: Re: [Jailkit-users] jk_lsh: problem with single quotes / requested executable not found
Date: Thu, 28 Apr 2011 09:22:20 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.14) Gecko/20110223 Thunderbird/3.1.8 
On 04/20/2011 04:39 PM, Leo wrote:

Hello,

I'm using jk_lsh in a chroot environment for a webserver. Really great
software! You have no interactive shell within the chroot (for security
reasons) but the application is able to execute system commands anyway.

Now I have a small problem: one of the web applications is passing the
commands with single quotes to jk_lsh. Unfortunately jk_lsh does not
strip the quotes and exits with a "requested executable not found" error:

jk_lsh -c "'/bin/ls' '-l'"

jk_lsh[23012]: jk_lsh version 2.13, started
jk_lsh[23012]: the requested executable '/bin/ls' is not found

whereas

jk_lsh -c '/bin/ls -l'
and
jk_lsh -c "/bin/ls -l"

are working fine.

Regular shells like (ba)sh can handle single quotes in a command:

sh -c "'/bin/ls' '-l'"

Any ideas why jk_lsh does not work with single quotes? Any help would be
appreciated!
I have an idea: it simply doesn't strip quotes. But that doesn't help you. I'm not sure what to do about it. Can you easily fix it on the side of the web application? 

Olivier

--
Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]