Re: [mod-security-users] mod-security, SecChroot & suexec

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

No luck, I even tried all the other libs on p46 (PDF p33).  These included:

"/usr/lib/apache2/suexec2", "/lib/libnss_files.so*", "/bin/ls", 
"/etc/nsswitch.conf", "/etc/passwd", "/etc/group", "/etc/shadow", 
"/lib/libnss_dns*", "/etc/hosts", "/etc/resolv.conf", "/etc/localtime"

plus:

packages=["perl", "perl-base", "perl-modules", "rcs", "imagemagick", 
"libnss-db"]

Same error appears:

[Mon Oct 17 23:40:45 2005] [error] [client w.x.y.z] Premature end of 
script headers: test

*** suexec.log ***[2005-10-17 23:40:45]: crit: invalid uid: (33)

Any other ideas?

Jinn

Ivan Ristic wrote:
> Jinn Koriech wrote:
> 
>> Hi Ivan,
>>
>> Thanks for your response.
>>
>> I have tried copying the /etc/passwd, /etc/group and /etc/shadow files 
>> into the jail with no luck - still the same error.
> 
> 
>   Have a look at page 46 of Apache Security (ch2): you may need
>   /etc/nsswitch.conf and /lib/libnss_files.so too.
> 
> 
>> Thanks for the link to the upcoming O'rielly Apache security book.
> 
> 
>   It's been published in March this year :)
> 
> 
>> I am considering this approach as a last resort, however I would 
>> ideally like to achieve the chroot without having to put all of 
>> Apache2 into the jail.
> 
> 
>   Considering you want to start new processes - that may not be possible.
> 