I have seen a problem mentioned on this list about some libraries being
skipped in the mkchroot.sh script. I also had this same problem, and I
have included a patch to fix it.
The problem is that the output of 'ldd' has a strange format. Some
lines look like "basename => fullpath (hexaddress)", while some others
omit the fullpath or the basename. For example:
[EMAIL PROTECTED] dist(i386)]$ ldd /usr/libexec/openssh/sftp-server
linux-gate.so.1 => (0xb7f31000)
libcrypto.so.4 => /lib/libcrypto.so.4 (0xb7e34000)
libutil.so.1 => /lib/libutil.so.1 (0xb7e30000)
libz.so.1 => /usr/lib/libz.so.1 (0xb7e20000)
libnsl.so.1 => /lib/libnsl.so.1 (0xb7e0a000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7ddc000)
libselinux.so.1 => /lib/libselinux.so.1 (0xb7dce000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7db9000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7d54000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7d33000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7d30000)
libresolv.so.2 => /lib/libresolv.so.2 (0xb7d1d000)
libc.so.6 => /lib/tls/libc.so.6 (0xb7bf2000)
libdl.so.2 => /lib/libdl.so.2 (0xb7bed000)
/lib/ld-linux.so.2 (0xb7f32000)
[EMAIL PROTECTED] dist(i386)]$
The current script (from v2.3.2) has two small errors:
(1) On the first line, it creates an empty directory named "/home/rssh.".
(2) On the last line, it does not copy the library.
The following patch cleans up the extra directory, if it is present and
empty. And it parses the output of ldd in a slightly different way, so
all of the libraries will be copied (note that linux-gate is not an
actual file, but resides in RAM).
Alan Porter
--- rssh-2.2.1/mkchroot.sh.orig 2007-06-22 13:28:36.000000000 -0400
+++ rssh-2.2.1/mkchroot.sh 2007-06-25 13:13:10.000000000 -0400
@@ -61,6 +61,14 @@
fi
fi
+# Previous versions of this script incorrectly created a
+# directory named "/home/rssh.". We check here instead of
+# in the RPM spec file because we know the value of $jail_dir
+# here.
+if [ -d "$jail_dir." ] ; then
+ rmdir "$jail_dir."
+fi
+
if [ -n "$owner" -a `whoami` = "root" ]; then
echo "Setting owner of jail."
chown "$owner" "$jail_dir"
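Review bot: the cleanup at `if [ -d "$jail_dir." ]` only tests that the directory exists, not that it is empty, so `rmdir "$jail_dir."` prints an error and its failure goes unhandled whenever something has been placed in that directory. Either suppress and report it (for example `rmdir "$jail_dir." 2>/dev/null || echo "Leaving non-empty $jail_dir. in place"`), or state in the comment that a non-empty directory is deliberately left alone. The comment could also say why the stray directory appeared, so the check can be retired once the old parsing is gone.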
@@ -128,11 +136,47 @@
for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do
echo "Copying libraries for $prog."
- libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3`
- for lib in $libs; do
- mkdir -p "$jail_dir$(dirname $lib)"
- echo -e "\t$lib"
- cp "$lib" "$jail_dir$lib"
+ #libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3`
+
+ # SAMPLE OUTPUT OF 'LDD'
+ # [EMAIL PROTECTED] dist(i386)]$ ldd /usr/libexec/openssh/sftp-server
+ # linux-gate.so.1 => (0xb7f31000)
+ # libcrypto.so.4 => /lib/libcrypto.so.4 (0xb7e34000)
+ # libutil.so.1 => /lib/libutil.so.1 (0xb7e30000)
+ # libz.so.1 => /usr/lib/libz.so.1 (0xb7e20000)
+ # libnsl.so.1 => /lib/libnsl.so.1 (0xb7e0a000)
+ # libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7ddc000)
+ # libselinux.so.1 => /lib/libselinux.so.1 (0xb7dce000)
+ # libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7db9000)
+ # libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7d54000)
+ # libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7d33000)
+ # libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7d30000)
+ # libresolv.so.2 => /lib/libresolv.so.2 (0xb7d1d000)
+ # libc.so.6 => /lib/tls/libc.so.6 (0xb7bf2000)
+ # libdl.so.2 => /lib/libdl.so.2 (0xb7bed000)
+ # /lib/ld-linux.so.2 (0xb7f32000)
+ # [EMAIL PROTECTED] dist(i386)]$
+
+ # Sometimes (see linux-gate.so.1), there is no full path.
+ # Sometimes (see /lib/ld-linux.so.2), there is no base filename.
+ # Most of the time, there is a base filename and a full path.
+ # If we just look for words that start with "/", this catches
them all.
+
+ # Look at each space-separated word of the ldd output.
+ for lib in `ldd $prog` ; do
+ # See if the word begins with '/'.
+ if [ `echo $lib | cut -c1` == "/" ] ; then
+ # Don't repeat our previous work.
+ if [ ! -f "$jail_dir$lib" ] ; then
+ # If the directory does not exist, make it.
+ if [ ! -d "$jail_dir$(dirname $lib)" ] ;
then
+ mkdir -p "$jail_dir$(dirname $lib)"
+ fi
+ # Copy the library to the jail.
+ echo -e "\t$lib"
+ cp "$lib" "$jail_dir$lib"
+ fi
+ fi
done
done
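Review bot: the guard `if [ ! -f "$jail_dir$lib" ]` means a library already present in the jail is never overwritten, so re-running the script after a library update on the host leaves the old copy inside the chroot; consider always copying (or comparing with `cmp -s` first), and check the exit status of `cp` so a failed copy is reported instead of producing a jail that is missing a library. In the test `[ `echo $lib | cut -c1` == "/" ]`, `==` is not portable in `[` and the substitution is unquoted; `case "$lib" in /*) ... ;; esac` does the same check without a subshell. Two lines in this hunk ("them all." and "then") have been wrapped by the mailer and carry no `+` prefix, so the patch will not apply as posted, and the commented-out `#libs=` line can simply be dropped.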
_______________________________________________
rssh-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rssh-discuss
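The two errors described in the message can be reproduced offline by running the script's old field-3 pipeline and a line-based parser over the same ldd-style text. This is an added example, not code from the post or from rssh: the function names are hypothetical, and the sample is constructed from the line shapes shown above, assuming the tab indentation and the double space after "=>" on the linux-gate line.

```shell
#!/bin/sh
# Added example, not part of rssh. All function names are hypothetical.

# Constructed sample: the three line shapes from the post. The leading tab
# and the double space on the linux-gate line are assumptions.
sample_ldd_output() {
    printf '\tlinux-gate.so.1 =>  (0xb7f31000)\n'
    printf '\tlibcrypto.so.4 => /lib/libcrypto.so.4 (0xb7e34000)\n'
    printf '\tlibc.so.6 => /lib/tls/libc.so.6 (0xb7bf2000)\n'
    printf '\t/lib/ld-linux.so.2 (0xb7f32000)\n'
}

# The field-3 pipeline that the patch removes, reading ldd output on stdin.
old_paths() {
    tr -s ' ' | cut -d' ' -f3
}

# Line-based parser: prints each absolute path once and exits 1 if any
# line says "name => not found", so a jail build can stop on it.
ldd_paths() {
    awk '
        # "name => /full/path (0xaddr)": the path follows "=>".
        $2 == "=>" && $3 ~ /^\// { if (!seen[$3]++) print $3; next }
        # "/full/path (0xaddr)": the dynamic loader line has no "=>".
        $1 ~ /^\//               { if (!seen[$1]++) print $1; next }
        # "name => not found": remember it for the exit status.
        $2 == "=>" && $3 == "not" { missing = 1 }
        # "name => (0xaddr)" (linux-gate) matches nothing and is skipped.
        END { exit missing + 0 }
    '
}

# Side-by-side run on the constructed sample.
echo "old pipeline:";      sample_ldd_output | old_paths
echo "line-based parser:"; sample_ldd_output | ldd_paths
```

On the linux-gate line the old pipeline yields the address token, whose `dirname` is ".", and on the loader line it yields an empty field.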