Re: [mod-security-users] SecUploadApproveScript problems
Brought to you by:
victorhora,
zimmerletw
From: <ar...@po...> - 2006-09-20 02:02:33
|
I tried changing that but now I get: mod_security-message: Access denied with code 403. Error verifying files: v= erify_uploaded_file: Execution of the approver script "/bin/uploadparse.sh"= failed [severity "EMERGENCY"] And if I try to run it from the chroot: host:/# uploadparse.sh /var/www/test.php host:/# host:/# uploadparse.sh /var/www/DyN_Fuente.tar host:/# Any idea ? Thanks. ----- Mensaje Original ----- According to the man page, use "exit" instead of "echo"<br /> <br /> <br /> #!/bin/bash<br /> <br /> TIPO_ARCHIVO=3D`file $1`<br /> <br /> if [ "$TIPO_ARCHIVO" =3D "$1: PHP script text" ]; then<br /> exit 1<br /> else<br /> exit 0<br /> fi<br /> <br /> <br /> <br /> Ariel Jolodovsky wrote:<br /> > #!/bin/bash<br /> ><br /> > TIPO_ARCHIVO=3D`file $1`<br /> ><br /> > if [ "$TIPO_ARCHIVO" =3D "$1: PHP script text" ]; then<br /> > echo "1"<br /> > else<br /> > echo "0"<br /> > fi<br /> ><br /> ><br /> > It works in the shell but not from www... Is this how I am suppoused to r= eturn <br /> > values ?<br /> ><br /> > El Martes, 19 de Septiembre de 2006 1:53 PM, escribi=F3:<br /> > <br /> >> On 9/19/06, Ariel Jolodovsky <ar...@po...> wrote:<br /> >> <br /> >>> We're getting closer !<br /> >>> You were right, I needed bash and it's libs, I added them and then I wa= s<br /> >>> able to chroot (via bash) into /var/chroot/apache.<br /> >>> ...<br /> >>><br /> >>> host:/#<br /> >>> uploadparse.sh /tmp/20060919-132113-200.123.150.117-IronMaidenCover.JPG= <br /> >>> 0<br /> >>> <br /> >> You need to return 1 if you want to allow file, 0 if you don't.<br /> >> <br /> ><br /> > -------------------------------------------------------------------------= <br /> > Take Surveys. Earn Cash. Influence the Future of IT<br /> > Join SourceForge.net's Techsay panel and you'll get the chance to share y= our<br /> > opinions on IT & business topics through brief surveys -- and earn cash<b= r /> > <a href=3D"http://www.techsay.com/default.php?page=3Djoin.php&p=3Dsourcef= orge&CID=3DDEVDEV">www.techsay.com/default.php?page=3Djoin.php&p=3Dsourcefo= rge&CID=3DDEVDEV</a><br /> > _______________________________________________<br /> > mod-security-users mailing list<br /> > mod...@li...<br /> > https://lists.sourceforge.net/lists/listinfo/mod-security-users<br /> ><br /> > <br /> <br /> |