Re: [mod-security-users] Re: mod_security v1.8.4 Chroot problem
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] Re: mod_security v1.8.4 Chroot problem
|
From: Ivan R. <iv...@we...> - 2005-05-23 10:49:21
|
Dan Bethe wrote: > I've got mod_security 1.8.4 with just the chroot function, httpd 1.3.31, and > frontpage 2002. It works fine without chroot. I haven't tested with suexec > yet. With chroot enabled, I'm having troubles with the suidkey. > > With mod_frontpage being loaded *before* mod_security, and with /bin/ps and > /usr/bin/sum and /proc inside the chroot, frontpage properly creates its > suidkey.$PID inside the chroot. fpcounter.exe appears to function, but with the > counter reset to 1, never incrementing. There are no errors in error_log either > of the main server or of the vhost in question. It's as is mod_frontpage > believes that it's working, and yet it's apparently not with fpcounter.exe. The > administrative web GUI works. fpcounter.exe and the administrative web GUI are > the only items I've tested it with. > > Please see my strace output at http://smuckola.org/etc/httpd_strace.text > > Do you have any clues or suggestions? Could this be the problem? [pid 25606] open("/home/dtm/public_html//_private/menu.html.cnt", O_RDWR) = -1 EACCES (Permission denied) It is clear the FrontPage module does not check whether the descriptor is valid or not: [pid 25606] lseek(-1, 0, SEEK_SET) = -1 EBADF (Bad file descriptor) [pid 25606] write(-1, "FPCountFile ", 12) = -1 EBADF (Bad file descriptor) [pid 25606] write(-1, "00000000001", 11) = -1 EBADF (Bad file descriptor) [pid 25606] close(-1) = -1 EBADF (Bad file descriptor) -- Ivan Ristic Apache Security (O'Reilly) - http://www.apachesecurity.net Open source web application firewall - http://www.modsecurity.org |
