This wiki page suggests using a chroot jail to sandbox Python, but
wouldn't running something like this in your sandboxed Python instance
still break you out of the chroot jail:
    os.execle('/usr/bin/python', '-c', 'import os; os.execlp("/bin/sh")', {})
or maybe:
    del os.environ['LD_PRELOAD']
    os.execl('/usr/bin/python', '-c', 'import os; os.execlp("/bin/sh")')
My ISP suggested these as counter-examples to my request for a chroot
jail. (I couldn't even get Python running in chroot to test this, nor
could I run these commands locally in Python on Ubuntu, though maybe
they opened sh?)
So is a chroot jail not adequate for sandboxing Python?
-Greg
Jun 25 '07
The os.exec call prepends the chroot directory to the absolute path,
but does NOT provide chroot for the child process. However, as long
as the environment is maintained, which contains an LD_PRELOAD, the
"chroot" will also be maintained. If LD_PRELOAD is removed or
ignored, then the chroot is ineffective.
As others have mentioned (which I just repeat for additional
support): Your ISP is probably thinking of fakeroot, which
is entirely unlike chroot(2), with the latter being a proper
kernel mechanism, not dynamic library trickery (which would
indeed be easy to break out of).
Regards,
Martin
On Jun 25, 4:12 pm, Bjoern Schliessmann <usenet-mail-0306.20.chr0n...@spamgourmet.com> wrote:
gregpin...@gmail.com wrote:
I followed up with my ISP. Here's the answer I got:
The os.exec call prepends the chroot directory to the absolute
path, but does NOT provide chroot for the child process.
That sounds like rubbish to me. If it worked like that, chrooting
servers would be virtually useless.
You're right. It turns out he was referring to fakechroot. Chroot
shouldn't have this problem.
-Greg
To launch a child process in a chroot you can easily just fork and
then make the chroot syscall in the child process immediately after
the fork.
It's not so easy. On Linux, you need to have the CAP_SYS_CHROOT
capability to invoke the syscall; on other systems, you may have
to be root.
Regards,
Martin
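The fork-then-chroot launch described in the last two posts, as an added example that is not part of the original thread. The function name, the exit codes and the unprivileged uid/gid 65534 are assumptions made for illustration; the child is exec'd with an empty environment, as in the first counter-example above, to show that a kernel chroot does not depend on LD_PRELOAD.

```python
import os
import sys

DENIED, EXEC_FAILED = 126, 127   # exit codes chosen for this example


def run_jailed(jail, argv, uid, gid):
    """Fork, confine the child with chroot(2), drop root, then exec argv.

    Returns the child's exit status: DENIED if the kernel refused the chroot
    or the privilege drop, EXEC_FAILED if argv[0] does not exist in the jail.
    """
    pid = os.fork()
    if pid == 0:                      # child
        code = DENIED
        try:
            os.chroot(jail)           # EPERM without CAP_SYS_CHROOT on Linux
            os.chdir("/")             # cwd would otherwise stay outside the jail
            os.setgroups([])          # drop supplementary groups first,
            os.setgid(gid)            # then the group,
            os.setuid(uid)            # then the user: root can leave a chroot
            code = EXEC_FAILED
            # Empty environment on purpose: the root directory is a kernel
            # attribute of the process, so it survives exec with no LD_PRELOAD.
            os.execve(argv[0], argv, {})
        except OSError:
            pass
        finally:
            os._exit(code)            # never fall back into the parent's code
    _, status = os.waitpid(pid, 0)
    if os.WIFEXITED(status):
        return os.WEXITSTATUS(status)
    return 128 + os.WTERMSIG(status)  # killed by a signal


if __name__ == "__main__":
    # Usage (as root): python3 jail.py /srv/jail /bin/sh   (paths are placeholders)
    sys.exit(run_jailed(sys.argv[1], sys.argv[2:], 65534, 65534))
```

Run without privileges, the call returns 126 because chroot(2) is refused; run as root against an empty directory, it returns 127 because `/bin/sh` is resolved inside the jail and is not there.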