I recently set up Lighttpd, FastCGI, PHP and mysql chrooted, as presented in this guide:

http://www.cyberciti.biz/tips/howto-...oted-jail.html

My server is a development server, so I'm trying out some things using some (no groaning) exec()'s in my PHP code. I'm trying to do things step by step so I can fix/secure things as they break - hence the trying to implement a chrooted environment. Basically, I just want to do an exec("my_lcd_program"); to update a little LCD I've got in front of a webcam. However, with lighttpd chrooted, exec() appears to be absolutely nothing - no output, not even errors. I've even tried to execute silly things that don't exist - nada.

However, if I run lighttpd outside of the chroot jail, everything is fine. So I think my problem is a lack of understanding how I need things set up in the chroot environment. I was hoping someone could explain, or reference some documents, manpages, etc. that would help me figure out how I can have a PHP script execute a binary in the chrooted environtment. I've also thought it might have something to do with permissions, but I'd su-ed to www-data and can successfully perform the operations I wish while executing PHP code from the command line.

Any tips, suggestions or request for more detailed information would be greatly appreciated, thank you.

Try to set up your error reporting to E_ALL and run the exec() again:

<?php
error_reporting(E_ALL);
exec(your_command);
?>

and see if you get some errors.

As you chrooted the enviroment, I believe that the binary file you´re trying to exec is not acessible by the aplication.

[]´s, FMC!

I stuck that error_reporting line in - still no output. Any other ideas that could help me figure out why the binary can't be accessed? I've made sure it is accessible by the www-data user (in /webroot/bin, /usr/bin and /bin), which I was pretty sure lighttpd is running under this user.

After doing some more research, I came up with the following, similar post:

http://forum.lighttpd.net/topic/650

So far the binaries I've tried copying around were a program I wrote in C, which probably is dynamically linked to quite a few libraries, and uptime - which I'm guessing is also linked to a few basic things as well. It feels kinda gross to start copying libraries into the chroot environment, so perhaps I'll just make sure to use static linking when I recompile my little program.

I'll play with this for the time being and see how it goes. However, further suggestions, thoughts and comments are still much appreciated.

Using ldd, I found that the program I've was trying to execute within PHP uses the following:

linux-gate.so.1 (What exactly is this? I couldn't find it anywhere)
libc.so.6 (on my machine: /lib/tls/i686/cmov/libc.so.6)
/lib/ld-linux.so.2

I copied the two of these that I could find into /webroot/lib and then logged in as root, and entered a chroot environment (/webroot).

I ran my program and got the following error: Cannot open port!

My program sends data to the serial port, at which there's a Parrallax 16x2 LCD connected via a MAX232 circuit. I had forgotten to consider that there was no /webroot/dev/ttyS0, so I think this has been my problem. I don't know very much about PHP, but is it possible that I was not seeing any errors since print exec(...) would print the output from STDOUT and not include STDERR?

When I tried to make a symlink to the actual /dev/ttyS0 (isn't this compromising the security of the chroot environment?), I received this error when runnning my program (which open()'s /dev/ttyS0):

Cannot open port!: Too many levels of symbolic links

For the sake of details, this is how I created the symlink:

ln -s /dev/ttyS0 /webroot/dev/ttyS0

Since I do not understand why this is occurring, I take it I need to read up on how /dev is setup, and how it works. Is there any way I can access /dev/ttyS0 while in a chroot environment? If so, what types of security risks are associated with doing so?

I dont know how you coded your PHP script, but what I know is that exec can return the command result in some ways, maybe you dont see any error 'cus you're not associating its output to a variable or an array, check this.

About granting permissions to a device for a web-app, well, thats not too good, but since this device is just a serial device connected to a LCD display, I don't thing its that bad.

Maybe your worse security risk is your "my_lcd_program", if it have some buffer-overflow fault it can be exploited by some user from your web environment.

[]'s, FMC!

So I see that making the symlink I did was rather silly...kind of an infinite loop there, eh?

I ended up getting access to the serial port from within the chroot environment environment using mknod:

# mknod /webroot/dev/ttyS0 c 4 64
# chown <lighttpd-user> /dev/ttyS0
# chmod 0600 /weroot/dev/ttyS0
# ls -l /webroot/dev/ttyS0

[Oops! I made a mistake with my "results" - I'll update this post accordingly when I figure out if I still have a problem or not]

So I've gotten my /webroot/dev/ttyS0 squared away - I can chroot into /webroot and run my program to update my LCD, so all the libraries are now there. I've made sure that www-data has access to /webroot/dev/ttyS0, but exec() does absolutely nothing. I've since upgraded to PHP5, but am still having the problem, making me think it's still some chroot or lighttpd/fastcgi issue.

The PHP code is simple for now:
print exec("/usr/bin/p2lcd -1 test --debug")

I've also tried copying libproc into /webroot/lib, and having my test script print the output of uptime - still no output!

Any other ideas as to why exec() and passthru() don't appear to be working? Thank you for your help, it's much appreciated.

[update]
Using lighttpd-1.4.13 by the way - I saw that 1.4.15 has exec() issues, but this version seems to at least work when not chrooted

I have an idea now...

I've tried your script to maybe have an idea (I know that I dont have p2lcd in any place, but I just tried...), look the result:
Pay attention... SH gives the error, so, maybe you need a shell to be able to use exec()!

Just an idea!

[]'s, FMC!

And the right idea at that! It certainly works for what I need. So I guess now I just have to evaluate whether or not a chroot environment with sh, a PHP script with an exec() and a custom program is really worth running

Thanks FMC, let me know if you have any suggestions regarding any security touch-ups.

Well, if you're so worried about security, you should take a look in a way to isolate every user in his home dir with apache.
The last time I searched for a XMPP (apache modules) for a per-user environment it wasnt stable yet, so I isolated the user with the open_basedir parameter from PHP. You can set a different open_basedir for each site running on apache, have a look on my vhost.conf file:

This avoid a user inside, for example, /var/www/google.com/ to read documents on /var/www/yahoo.com/ with php file handling functions!

Just a tip for you!

[]'s, FMC!

Hi friends

I am also having same problem i.e i am using shell_exec and run java file from php code , i am using chroot concept , i put java inside the chroot,even though i am not able to get output with shell_exec because shell is out side the chroot , if i remove the chroot I lose my security so please tell how to use shell_exec under chroot.

Thanks and Regards

swamy