thanks! On Tue, Jun 26, 2007 at 05:11:32PM -0400, Alan Porter wrote: > > I have seen a problem mentioned on this list about some libraries being > skipped in the mkchroot.sh script. I also had this same problem, and I > have included a patch to fix it. > > The problem is that the output of 'ldd' has a strange format. Some > lines look like "basename => fullpath (hexaddress)", while some others > omit the fullpath or the basename. For example: > > [EMAIL PROTECTED] dist(i386)]$ ldd /usr/libexec/openssh/sftp-server > linux-gate.so.1 => (0xb7f31000) > libcrypto.so.4 => /lib/libcrypto.so.4 (0xb7e34000) > libutil.so.1 => /lib/libutil.so.1 (0xb7e30000) > libz.so.1 => /usr/lib/libz.so.1 (0xb7e20000) > libnsl.so.1 => /lib/libnsl.so.1 (0xb7e0a000) > libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7ddc000) > libselinux.so.1 => /lib/libselinux.so.1 (0xb7dce000) > libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7db9000) > libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7d54000) > libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7d33000) > libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7d30000) > libresolv.so.2 => /lib/libresolv.so.2 (0xb7d1d000) > libc.so.6 => /lib/tls/libc.so.6 (0xb7bf2000) > libdl.so.2 => /lib/libdl.so.2 (0xb7bed000) > /lib/ld-linux.so.2 (0xb7f32000) > [EMAIL PROTECTED] dist(i386)]$ > > The current script (from v2.3.2) has two small errors: > (1) On the first line, creates an empty directory named "/home/rssh.". > (2) On the last line, it does not copy the library. > > The following patch cleans up the extra directory, if it is present and > empty. And it parses the output of ldd in a slightly different way, so > all of the libraries will be copied (note that linux-gate is not an > actual file, but resides in RAM). > > Alan Porter > > > > > --- rssh-2.2.1/mkchroot.sh.orig 2007-06-22 13:28:36.000000000 -0400 > +++ rssh-2.2.1/mkchroot.sh 2007-06-25 13:13:10.000000000 -0400 > @@ -61,6 +61,14 @@ > fi > fi > > +# Previous versions of this script incorrectly created a > +# directory named "/home/rssh.". We check here instead of > +# in the RPM spec file because we know the value of $jail_dir > +# here. > +if [ -d "$jail_dir." ] ; then > + rmdir "$jail_dir." > +fi > + > if [ -n "$owner" -a `whoami` = "root" ]; then > echo "Setting owner of jail." > chown "$owner" "$jail_dir" > @@ -128,11 +136,47 @@ > > for prog in $scp_path $sftp_server_path $rssh_path $chroot_helper_path; do > echo "Copying libraries for $prog." > - libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` > - for lib in $libs; do > - mkdir -p "$jail_dir$(dirname $lib)" > - echo -e "\t$lib" > - cp "$lib" "$jail_dir$lib" > + #libs=`ldd $prog | tr -s ' ' | cut -d' ' -f3` > + > + # SAMPLE OUTPUT OF 'LDD' > + # [EMAIL PROTECTED] dist(i386)]$ ldd /usr/libexec/openssh/sftp-server > + # linux-gate.so.1 => (0xb7f31000) > + # libcrypto.so.4 => /lib/libcrypto.so.4 (0xb7e34000) > + # libutil.so.1 => /lib/libutil.so.1 (0xb7e30000) > + # libz.so.1 => /usr/lib/libz.so.1 (0xb7e20000) > + # libnsl.so.1 => /lib/libnsl.so.1 (0xb7e0a000) > + # libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7ddc000) > + # libselinux.so.1 => /lib/libselinux.so.1 (0xb7dce000) > + # libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7db9000) > + # libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7d54000) > + # libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7d33000) > + # libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7d30000) > + # libresolv.so.2 => /lib/libresolv.so.2 (0xb7d1d000) > + # libc.so.6 => /lib/tls/libc.so.6 (0xb7bf2000) > + # libdl.so.2 => /lib/libdl.so.2 (0xb7bed000) > + # /lib/ld-linux.so.2 (0xb7f32000) > + # [EMAIL PROTECTED] dist(i386)]$ > + > + # Sometimes (see linux-gate.so.1), there is no full path. > + # Sometimes (see /lib/ld-linux.so.2), there is no base filename. > + # Most of the time, there is a base filename and a full path. > + # If we just look for words that start with "/", this catches > them all. > + > + # Look at each space-separated word of the ldd output. > + for lib in `ldd $prog` ; do > + # See if the word begins with '/'. > + if [ `echo $lib | cut -c1` == "/" ] ; then > + # Don't repeat our previous work. > + if [ ! -f "$jail_dir$lib" ] ; then > + # If the directory does not exist, make it. > + if [ ! -d "$jail_dir$(dirname $lib)" ] ; > then > + mkdir -p "$jail_dir$(dirname $lib)" > + fi > + # Copy the library to the jail. > + echo -e "\t$lib" > + cp "$lib" "$jail_dir$lib" > + fi > + fi > done > done > > >
> ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > rssh-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/rssh-discuss -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0x81CFE75D
pgpKKWS8msKfe.pgp
Description: PGP signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ rssh-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rssh-discuss
