here is an example script

cd /data/www/

cat <<EOF
Content-type: text/plain

your ip is $REMOTE_ADDR
which reverse resolves to `host $REMOTE_ADDR 2>/dev/null| awk '{print $NF}' 2>/dev/null`

chmod +x

and here is how to enable it inside a chroot. note that are are dealing with thttpd’s' chroot, the vhost do NOT have any dedicated one

cd /data/www/
mkdir bin/
mkdir lib/
cp /bin/sh bin/
ldd /bin/sh
cp /lib/ lib/
cp /lib/ lib/
cp /lib/ lib/
chroot ./ /bin/sh


chroot: /bin/sh: No such file or directory

ktrace chroot ./ /bin/sh
kdump | less

and search for open -1 errno 2

mkdir libexec/
cp /libexec/ld.elf_so libexec/

add a few more things to the env

cp /bin/cat bin/
ldd /bin/cat

mkdir -p usr/bin/
cp /usr/bin/awk usr/bin/
ldd /usr/bin/awk
mkdir -p usr/lib/
cp /usr/lib/ usr/lib/

cp /usr/bin/host usr/bin/
ldd /usr/bin/host
for f in `ldd /usr/bin/host | sed 1d | awk '{print $NF}'`; do
    cp -vf $f usr/lib
done; unset f

#cp /usr/bin/dig usr/bin/
#ldd /usr/bin/dig
#for f in `ldd /usr/bin/dig | sed 1d | awk '{print $NF}'`; do
#   cp -vf $f usr/lib
#done; unset f

mkdir -p usr/libexec/
cp /usr/libexec/ld.elf_so usr/libexec/

mkdir dev/

for some reason I get 0,0 instead of 46,1 (coz of ext2fs?)

#mknod -m 644 -g wheel -u root dev/urandom c 46 1

so let us go dirty

ln ../../../dev/null dev/
ln ../../../dev/urandom dev/
ll dev/


crw-rw-rw-   2 root  wheel   2, 2 May  3 20:00 null
crw-r--r--   2 root  wheel  46, 1 Apr 24 09:00 urandom

chroot ./ /usr/bin/awk
chroot ./ /usr/bin/host
#chroot ./ /usr/bin/dig

and finaly test the CGI itself

ln -s lala
chroot ./ /lala
rm -f lala

Nethence | Pub | Lab | Pbraun | SNE Russia | xhtml