LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   coping neccesary python files to chroot area (https://www.linuxquestions.org/questions/linux-security-4/coping-neccesary-python-files-to-chroot-area-261629/)

dominant 12-02-2004 02:48 AM
coping neccesary python files to chroot area
 
I lately installed the python and mod_python for my apache.
Now i am wondering what are the necessary files (python, mod_python related) that must be copied to the chrooted area.

zatriz 12-03-2004 04:18 PM
if you type "rpm -ql mod_python" it will list all the files that the module installed
The files that i would probably copy over are


/etc/httpd/conf.d/python.conf
/usr/lib/httpd/modules/mod_python.so
/usr/lib/python2.2/site-packages/mod_python
/usr/lib/python2.2/site-packages/mod_python/__init__.py
/usr/lib/python2.2/site-packages/mod_python/__init__.pyc
/usr/lib/python2.2/site-packages/mod_python/__init__.pyo
/usr/lib/python2.2/site-packages/mod_python/apache.py
/usr/lib/python2.2/site-packages/mod_python/apache.pyc
/usr/lib/python2.2/site-packages/mod_python/apache.pyo
/usr/lib/python2.2/site-packages/mod_python/cgihandler.py
/usr/lib/python2.2/site-packages/mod_python/cgihandler.pyc
/usr/lib/python2.2/site-packages/mod_python/cgihandler.pyo
/usr/lib/python2.2/site-packages/mod_python/publisher.py
/usr/lib/python2.2/site-packages/mod_python/publisher.pyc
/usr/lib/python2.2/site-packages/mod_python/publisher.pyo
/usr/lib/python2.2/site-packages/mod_python/util.py
/usr/lib/python2.2/site-packages/mod_python/util.pyc
/usr/lib/python2.2/site-packages/mod_python/util.pyo


you can skip the html files

linux_terror 12-04-2004 04:36 AM
it may just point at some of the files in the previous post but do a
Code:
ldd /usr/lib/httpd/modules/mod_python.so
if its in a true chroot jail you'll need to copy all the files ldd finds into the jail.

just for shits 'n' giggles here's the output from mine on RHAS3 with apache 2.0.51

[root@linuxtorrents modules]# ldd mod_python.so
libdl.so.2 => /lib/libdl.so.2 (0xb7513000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0xb7503000)
libutil.so.1 => /lib/libutil.so.1 (0xb7500000)
libm.so.6 => /lib/tls/libm.so.6 (0xb74de000)
libc.so.6 => /lib/tls/libc.so.6 (0xb73a7000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)


linux_terror

dominant 12-04-2004 10:04 AM
well, copied that files that the ldd indicates, but most of the files are links to another shared library.

If i copy a link (to anothery library) do i copy that actual library?

linux_terror 12-04-2004 03:51 PM
yes, copy the actual libraries into the jail, remember that the user has no priveleges to do anything above the chroot. you basically have to in effect build its own little OS inside the jail.

linux_terror

dominant 12-05-2004 07:09 AM
I am wondering if the lost link can cause any failure?

I mean when mod_python.so looks for /lib/libpyth.so.1
which is a link to /lib/libpyth.so.9 and it finds (a renamed file
in practice) (/lib/libpyth.so.1 with the content of /lib/libpyth.so.9).

dominant 12-17-2004 03:30 AM
Hello again

I can run python in chrooted are now

Code:
/usr/sbin/chroot /chroot /usr/local/bin/python
but when i try to integrate python with apache through mod_python then apache crases after creating many idle servers (140 approximately).

I have also copied the mod_python.so and the libraries that ldd indecates concerning mod_python.so


All times are GMT -5. The time now is 03:18 PM.