
From: vitamona <vitamona@×××××.com>
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Problem with chroot
Date: Thu, 10 Apr 2008 10:00:23
Message-Id: fb9836e60804100300o3b5c4546qf614334cd09403a2@mail.gmail.com
1 Hi,
2 I installed Gentoo Hardened with hardened-sources.
3
4 I enabled these options in GrSecurity for chroot:
5
6 #
7 # Filesystem Protections
8 #
9 CONFIG_GRKERNSEC_PROC=y
10 # CONFIG_GRKERNSEC_PROC_USER is not set
11 CONFIG_GRKERNSEC_PROC_USERGROUP=y
12 CONFIG_GRKERNSEC_PROC_GID=10
13 CONFIG_GRKERNSEC_PROC_ADD=y
14 CONFIG_GRKERNSEC_LINK=y
15 CONFIG_GRKERNSEC_FIFO=y
16 CONFIG_GRKERNSEC_CHROOT=y
17 CONFIG_GRKERNSEC_CHROOT_MOUNT=y
18 CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
19 CONFIG_GRKERNSEC_CHROOT_PIVOT=y
20 # CONFIG_GRKERNSEC_CHROOT_CHDIR is not set
21 CONFIG_GRKERNSEC_CHROOT_CHMOD=y
22 CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
23 CONFIG_GRKERNSEC_CHROOT_MKNOD=y
24 CONFIG_GRKERNSEC_CHROOT_SHMAT=y
25 CONFIG_GRKERNSEC_CHROOT_UNIX=y
26 CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
27 CONFIG_GRKERNSEC_CHROOT_NICE=y
28 CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
29 CONFIG_GRKERNSEC_CHROOT_CAPS=y
30
31 I created a jail with app-misc/jail in this way:
32
33 # mkdir /chroot
34 # mkjailenv /chroot/apache
35 # addaliasw /chroot/apache/
36
37 but when I try to enter this chroot, something doesn't work.
38
39 # chroot /chroot/apache/ /bin/sh
40 chroot: cannot run command `/bin/sh': No such file or directory
41
42 but the file exists:
43 # ls -la /chroot/apache/bin/
44 total 1553
45 drwxr-xr-x 2 root root 432 Apr 10 09:02 .
46 drwxr-xr-x 10 root root 240 Apr 10 09:11 ..
47 lrwxrwxrwx 1 root root 2 Apr 10 09:02 bash -> sh
48 -rwxr-xr-x 1 root root 21784 Apr 10 08:54 cat
49 -rwxr-xr-x 1 root root 70968 Apr 10 08:54 cp
50 -rwxr-xr-x 1 root root 91448 Apr 10 08:54 grep
51 -rwxr-xr-x 1 root root 34096 Apr 10 08:54 head
52 -rwxr-xr-x 1 root root 29956 Apr 10 08:54 ln
53 -rwxr-xr-x 1 root root 100168 Apr 10 08:54 ls
54 -rwxr-xr-x 1 root root 25848 Apr 10 08:54 mkdir
55 -rwxr-xr-x 1 root root 38120 Apr 10 08:54 more
56 -rwxr-xr-x 1 root root 79160 Apr 10 08:54 mv
57 -rwxr-xr-x 1 root root 25848 Apr 10 08:54 pwd
58 -rwxr-xr-x 1 root root 46332 Apr 10 08:54 rm
59 -rwxr-xr-x 1 root root 21752 Apr 10 08:54 rmdir
60 -rwxr-xr-x 1 root root 874860 Apr 10 08:54 sh
61 -rwxr-xr-x 1 root root 46412 Apr 10 08:54 tail
62 -rwxr-xr-x 1 root root 42236 Apr 10 08:54 touch
63
64 This is an strace dump of the failing chroot call:
65 ************************************************
66 # strace chroot /chroot/apache/ /bin/sh
67 execve("/usr/bin/chroot", ["chroot", "/chroot/apache/", "/bin/sh"],
68 [/* 24 vars */]) = 0
69 brk(0) = 0x178c62f4
70 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
71 open("/etc/ld.so.cache", O_RDONLY) = 3
72 fstat64(3, {st_mode=S_IFREG|0644, st_size=10254, ...}) = 0
73 mmap2(NULL, 10254, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4c7a7000
74 close(3) = 0
75 open("/lib/libc.so.6", O_RDONLY) = 3
76 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0@a\1\0004\0\0\0"...,
77 512) = 512
78 fstat64(3, {st_mode=S_IFREG|0755, st_size=1249516, ...}) = 0
79 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
80 0) = 0x4c7a6000
81 mmap2(NULL, 1255696, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
82 3, 0) = 0x4c673000
83 mmap2(0x4c7a0000, 12288, PROT_READ|PROT_WRITE,
84 MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12d) = 0x4c7a0000
85 mmap2(0x4c7a3000, 10512, PROT_READ|PROT_WRITE,
86 MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4c7a3000
87 close(3) = 0
88 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
89 0) = 0x4c672000
90 set_thread_area({entry_number:-1 -> 6, base_addr:0x4c6726c0,
91 limit:1048575, seg_32bit:1, contents:0, read_exec_only:0,
92 limit_in_pages:1, seg_not_present:0, useable:1}) = 0
93 open("/dev/urandom", O_RDONLY) = 3
94 read(3, "ZC\307U", 4) = 4
95 close(3) = 0
96 mprotect(0x4c7a0000, 8192, PROT_READ) = 0
97 mprotect(0x178b7000, 4096, PROT_READ) = 0
98 mprotect(0x4c7c5000, 4096, PROT_READ) = 0
99 munmap(0x4c7a7000, 10254) = 0
100 brk(0) = 0x178c62f4
101 brk(0x178e72f4) = 0x178e72f4
102 brk(0x178e8000) = 0x178e8000
103 chroot("/chroot/apache/") = 0
104 chdir("/") = 0
105 execve("/bin/sh", ["/bin/sh"...], [/* 24 vars */]) = -1 ENOENT (No
106 such file or directory)
107 write(2, "chroot: ", 8chroot: ) = 8
108 write(2, "cannot run command `/bin/sh\'", 28cannot run command `/bin/sh') = 28
109 write(2, ": No such file or directory", 27: No such file or directory) = 27
110 write(2, "\n", 1
111 ) = 1
112 close(1) = 0
113 close(2) = 0
114 exit_group(127)
115 **************************************************
116
117 Can you help me?
118
119 many thanks
120 --
121 gentoo-hardened@l.g.o mailing list
