PERL CGI - Apache chroot
Justin Krejci
jus at krytosvirus.com
Tue Jun 6 03:10:12 PDT 2006
On Saturday 03 June 2006 12:26 pm, Nick Guenther wrote:
> On 6/3/06, MK <public at kubikcz.net> wrote:
> > Hello to all
> >
> > I'm trying to make a simple PERL CGI script for wakeing computers on LAN.
> > For this purpose I installed p5-Net-Wake-0.02.tgz PERL modul from
> > packages.
> >
> > Script works but only in not chrooted Apache.( packet is sent ) For
> > chrooted Apache in OpenBSD I followed help instructions on
> > http://livenudefrogs.com/~anubis/servers/apache_perl_chroot.shtml.
> >
> > Script is executed without any complains but packet is not sent. Apache
> > error log is clean. I also tryed to make a list of necessary files by
> > Systrace -A.
> >
> > Maybe there is a problem because the modul needs access to:
> >
> > native-fsread: filename eq "/etc/malloc.conf" then permit
> > native-fsread: filename eq "/dev/arandom" then permit
> >
> > But I'm not sure as I don't have any experience with systrace.
> >
> > Thank you for any help.
>
> Hi MK,
>
> Everything that programs under a chroot need must be in the chroot
> with them. Probably the two files you listed are part of the problem
> but there may be others too.
>
> Try running tcpdump and watching for the packets (see man tcpdump for
> how to filter out uninteresting ones). This will show if it's really
> not getting sent.
>
> Then, go into the module's code and start looking for what it might
> need. Sprinkle open FH, ">>out.txt"; print FH, "debug info:"-type code
> throughout it and try to find where it's dying, if it is.
>
> -Nick
I used kdump and ktrace to diagnose what files were being accessed (or trying
to be accessed) while setting up a site in a chroot environment. This helped
track down the missing files so I could add them to the chroot.
More information about the Openbsd-newbies
mailing list