|
From: m0nkey <poo...@wa...> - 2005-06-17 15:25:12
|
Hello
Thanks for the reply... i just got it working:
strace -fF apache2 -D SSL -D PHP4 -D SECURITY
Here is the output.. during the mail command. I also added a symlink in
jail to /bin/sh.. but that didn't fix anything:
14340 open("/var/www/www.billybob.com/htdocs/m0nkey/mailtest.php",
O_RDONLY) =
26
14340 fstat64(26, {st_mode=S_IFREG|0644, st_size=292, ...}) = 0
14340 fstat64(26, {st_mode=S_IFREG|0644, st_size=292, ...}) = 0
14340 lseek(26, 0, SEEK_CUR) = 0
14340 lseek(26, 0, SEEK_SET) = 0
14340 read(26, "<?\n\n$to = \"h"..., 8192) = 292
14340 read(26, "", 8192) = 0
14340 close(26) = 0
14340 pipe([26, 27]) = 0
14340 fork() = 14356
14340 close(26) = 0
14340 fstat64(27, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
14340 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0xb7fe7000
14340 write(27, "To: bi...@bo...\nSub"..., 125) = 125
14340 close(27) = 0
14340 waitpid(14356, <unfinished ...>
14356 getpid() = 14356
14356 close(27) = 0
14356 dup2(26, 0) = 0
14356 close(26) = 0
14356 getpid() = 14356
14356 rt_sigaction(SIGRTMIN, {SIG_DFL}, NULL, 8) = 0
14356 rt_sigaction(SIGRT_1, {SIG_DFL}, NULL, 8) = 0
14356 rt_sigaction(SIGRT_2, {SIG_DFL}, NULL, 8) = 0
14356 execve("/bin/sh", ["sh", "-c", "/usr/sbin/mini_sendmail -t -i"], [/* 25
vars */]) = -1 ELOOP (Too many levels of symbolic links)
14356 exit_group(127)
I'm guessing it's related to the symbolic links (of /bin/sh) maybe. Should
I just copy over the binary?
Thanks
pb
> m0nkey wrote:
>> Hello Ivan
>>
>> Thanks for replying again. I'm not too familiar with strace. I'm not
>> able
>> to follow the trace when I try to get mail.. Can someone point me in the
>> right direction. Here is what I've been tring to do:
>>
>>
>> strace -fF -p `pidof -s apache2`
>>
>> When I run this.. it just sits on:
>>
>> Process 9862 attached - interrupt to quit
>> semop(9633795, 0xb7d9eb4c, 1 <unfinished ...>
>>
>
> The command you're running will only attach strace to the first pid
> produced
> by `pidof apache2`. -fF will make it attempt to trace any subsequently
> forked
> processes, but it's likely that your apache2 has already spawned a number
> of
> children if you're attaching to a running server.
>
> I think the trick is to run a single worker in debug mode. The following
> should work, though you'll not be able to do this on a working server:
>
> strace -f apache2 -X
>
> It will also produce bucket-loads of output. Consider adding '-e open' to
> your
> strace. Looking for unfound files is probably a good place to start.
>
>
>
>> Thanks much
>> pb
>>
>>
>>>m0nkey wrote:
>>>
>>>>I've installed mini_sendmail and dropped it in my jail:
>>>>
>>>>/var/chroot/apache/usr/sbin/mini_sendmail
>>>>
>>>>I then changed the sendmail_path in /etc/php/apache2-php4/php.ini to
>>>>either:
>>>>/var/chroot/apache/usr/sbin/mini_sendmail
>>>>or
>>>>/usr/sbin/mini_sendmail
>>>>
>>>>I get the exact same result.. which is no mail.. no error. Just to
>>>>clarify, I restart the service with every change.
>>>>
>>>>I also noticed in your box (Apache Security p.47).. that you mention
>>>>adding SMTP=localhost for this case.. I also have that set with no
>>>> luck.
>>>
>>> Unfortunatelly that's an error, which I failed to spot in time to
>>> correct. Delivery through SMTP only works on Windows (and Netware I
>>> think).
>>>
>>>
>>>
>>>>Any ideas how to get this working is greatly appreciated.
>>>
>>> Use strace to figure out what PHP wants to do. My guess is that it
>>> tries to execute sendmail through a shell, so you'll probably
>>> need /bin/sh there as well.
>>>
>>>--
>>>Ivan Ristic
>>>Apache Security (O'Reilly) - http://www.apachesecurity.net
>>>Open source web application firewall - http://www.modsecurity.org
>>>
>>>
>>
>>
>>
>> ______________________________________
>> Get your FREE 100MB email today at http://www.wapda.com
>>
>>
>>
>>
>> -------------------------------------------------------
>> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
>> from IBM. Find simple to follow Roadmaps, straightforward articles,
>> informative Webcasts and more! Get everything you need to get up to
>> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
>> _______________________________________________
>> mod-security-users mailing list
>> mod...@li...
>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>>
>>
>
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
> from IBM. Find simple to follow Roadmaps, straightforward articles,
> informative Webcasts and more! Get everything you need to get up to
> speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>
>
______________________________________
Get your FREE 100MB email today at http://www.wapda.com
|
