Dan wrote:
>
> I have an Apache 2.0.54 compiled with mod_security 1.8.7 and I'm using
> SecChrootDir. I'm trying to figure out why my PHP exec() call is
> failing by using strace.

That's probably because you have no /bin/sh in the jail. PHP requires
it. In general, the internal chroot mechanism is unlikely to be
good enough if you have a need to execute external binaries. In such
cases you are much better off creating a proper jail.

> To run strace I'm starting Apache in debug
> mode (-X) like below:
>
> strace /usr/local/apache2/bin/httpd -X
>
> However, SecChrootDir seems to have a problem when I start Apache in
> debug mode. I get the following error in the log.
>
> [emerg] mod_security: chroot requested but not completed! Exiting.
>
> This makes it slightly difficult to check my PHP script's exec() with
> strace while in jail. Is this a known problem? Are there any
> workarounds or alternative methods to get the debugging information I'm after?

You are right, strace breaks the way the internal chroot mechanism
works. However, that is only true in 1.8.x. I have been planning to
make some changes to the internal chroot mechanism in 1.9 and,
prompted by your email, I made them today. As a side effect of these
changes strace will work with 1.9.x.

Try this (for testing only, *not* for production systems):

http://cvs.sourceforge.net/viewcvs.py/*checkout*/mod-security/mod_security/apache2/mod_security.c

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
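
Added example, not part of the original message or of mod_security: a shell check for the condition described in the reply above, that PHP's exec() needs /bin/sh inside the jail. The function names are hypothetical, and it assumes the jail mirrors the host's library paths and that ldd is available for the library check.

```sh
#!/bin/sh
# Audit a chroot jail for the shell that PHP's exec() needs.
# Assumption: libraries live at the same paths inside the jail as on the host.

# Print the absolute paths of the shared objects a binary is linked against.
# Prints nothing for a static binary or when ldd is not installed.
jail_deps() {
    command -v ldd >/dev/null 2>&1 || return 0
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) { print $i; break } }'
}

# check_jail_exec JAIL_ROOT
# Returns 0 if JAIL_ROOT/bin/sh is executable and every library it links
# against is present at the same path inside the jail, 1 otherwise.
check_jail_exec() {
    jail=${1%/}
    sh_path="$jail/bin/sh"
    if [ ! -x "$sh_path" ]; then
        echo "missing: $sh_path (exec() has no shell to run)"
        return 1
    fi
    rc=0
    for lib in $(jail_deps "$sh_path"); do
        if [ ! -e "$jail$lib" ]; then
            echo "missing: $jail$lib (needed by /bin/sh)"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then
        echo "ok: $sh_path and its libraries are in the jail"
    fi
    return "$rc"
}

# Usage: sh check_jail.sh /path/to/jail
if [ "$#" -gt 0 ]; then
    check_jail_exec "$1"
fi
```

Any binary the PHP script itself runs through exec() needs the same treatment; jail_deps can be pointed at each of them in turn.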