Blame
Date: Thu Jan 27 05:00:26 2022 UTC
Message: Daily backup
11
2021-12-17
In /etc/httpd.conf:

[@
server "www.example.com" {
	listen on * port 80
	root "/htdocs/perl"
	location "*.pl" {
		fastcgi
	}
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
}
@]

To figure out what files need to be copied into the chroot:

[@
$ ldd /usr/bin/perl
/usr/bin/perl:
	Start            End              Type  Open Ref GrpRef Name
	0000022622dc8000 0000022622dcd000 exe   1    0   0      /usr/bin/perl
	000002285bdc7000 000002285c133000 rlib  0    1   0      /usr/lib/libperl.so.20.0
	00000228c7de6000 00000228c7e16000 rlib  0    2   0      /usr/lib/libm.so.10.1
	000002282f00d000 000002282f101000 rlib  0    2   0      /usr/lib/libc.so.96.0
	0000022914fb2000 0000022914fb2000 ld.so 0    1   0      /usr/libexec/ld.so
@]

So I start with this initial guess to build the chroot. I run the following as root:

[@
mkdir -p /var/www/usr/{bin,lib,libexec}
cp /usr/bin/perl /var/www/usr/bin/
cp -p /usr/lib/lib{c,m,perl}.so* /var/www/usr/lib/
cp /usr/libexec/ld.so /var/www/usr/libexec/
@]

We need to turn on slowcgi:

[@
$ doas rcctl enable slowcgi
$ doas rcctl start slowcgi
@]

Then we run:

[@
$ doas chroot -u www -g daemon /var/www perl
@]

I test some random gibberish to make sure perl works inside the chroot:

[@
print "shibboleth";
@]

Then ctrl+d to escape; and since it echoes @@shibboleth@@, it works.

Next, I create the directory to hold perl scripts:

[@
mkdir -p /var/www/htdocs/perl/
@]

Now I put an index.pl in /var/www/htdocs/perl/ just to see if the web server loads it:

[@
#!/usr/bin/perl -w
use strict;
print "Content-Type:text/html\n\n";
print "This is the index file for www.example.com\n";
@]

Make sure to set the proper permissions:

[@
$ doas chown -R www:daemon /var/www/htdocs/perl/
$ doas chmod +x /var/www/htdocs/perl/index.pl
@]

At this point I try running this command:

[@
$ curl example.com/index.pl
@]

I get a 500 Internal Error, which means perl is not able to execute properly.

So I search for missing perl libraries:

[@
$ doas find / -iname '*perl*'
@]

The interesting one is the folder /usr/libdata/perl5. We definitely need these libraries, so I update my script for creating the chroot:

[@
mkdir -p /var/www/usr/{bin,lib,libexec,libdata}
cp /usr/bin/perl /var/www/usr/bin/
cp -p /usr/lib/lib{c,m,perl,pthread,util,z}.so* /var/www/usr/lib/
cp /usr/libexec/ld.so /var/www/usr/libexec/
cp -R /usr/libdata/perl5 /var/www/usr/libdata/
mkdir -p /var/www/{tmp,dev}
chown www:daemon /var/www/tmp
touch /var/www/dev/null
@]
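Added example (not part of the original page): the file list for the chroot can be derived from the `ldd` output instead of being typed by hand, and the same parser can report which of those files are missing under the chroot. The function names `ldd_paths`, `stage_cmds` and `missing_in_root` are made up for this sketch, and `SAMPLE_LDD` is the output quoted on this page.

```shell
#!/bin/sh
# Sample input: the ldd output quoted on this page.
SAMPLE_LDD='/usr/bin/perl:
    Start            End              Type  Open Ref GrpRef Name
    0000022622dc8000 0000022622dcd000 exe   1    0   0      /usr/bin/perl
    000002285bdc7000 000002285c133000 rlib  0    1   0      /usr/lib/libperl.so.20.0
    00000228c7de6000 00000228c7e16000 rlib  0    2   0      /usr/lib/libm.so.10.1
    000002282f00d000 000002282f101000 rlib  0    2   0      /usr/lib/libc.so.96.0
    0000022914fb2000 0000022914fb2000 ld.so 0    1   0      /usr/libexec/ld.so'

# Read ldd output on stdin and print the Name column of every mapped
# object, once each, in the order ldd listed them. Rows are recognised by
# a hex start address and an absolute path, so the header is skipped.
ldd_paths() {
    awk 'NF == 7 && $1 ~ /^[0-9a-f]+$/ && $7 ~ /^\// && !seen[$7]++ { print $7 }'
}

# Print (do not run) the commands that would copy those files under the
# chroot root given as $1, keeping the same directory layout.
stage_cmds() {
    root=$1
    ldd_paths | while IFS= read -r path; do
        dir=${path%/*}
        printf 'mkdir -p %s%s\n' "$root" "$dir"
        printf 'cp -p %s %s%s/\n' "$path" "$root" "$dir"
    done
}

# Print every dependency that does not exist under the chroot root $1,
# e.g. after a system upgrade changed a library version.
missing_in_root() {
    root=$1
    ldd_paths | while IFS= read -r path; do
        [ -e "$root$path" ] || printf '%s\n' "$path"
    done
}

# Stand-alone run: show the staging commands for the sample output.
printf '%s\n' "$SAMPLE_LDD" | stage_cmds /var/www
```

On a live system the input would be `ldd /usr/bin/perl | missing_in_root /var/www`. `ldd` only reports shared objects, so the module tree under /usr/libdata/perl5 that the page finds later is not covered by this check.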
14
2021-12-17
diff:1634227713:1634227679:=82c82%0a%3c $ curl example.com/index.pl%0a---%0a> $ curl example.ircnow.org:8080/index.pl%0a
17
2021-12-17
diff:1634227679:1634227443:=4c4%0a%3c server "www.example.com" {%0a---%0a> server "example.ircnow.org" {%0a69c69%0a%3c print "This is the index file for www.example.com\n";%0a---%0a> print "This is the index file for perl.oddprotocol.cf\n";%0a
20
2021-12-17
diff:1634227443:1634226675:=56,61d55%0a%3c %0a%3c Next, I create the directory to hold perl scripts:%0a%3c %0a%3c [@%0a%3c mkdir -p /var/www/htdocs/perl/%0a%3c @]%0a
23
2021-12-17
diff:1634226675:1634226648:=95,97d94%0a%3c mkdir -p /var/www/{tmp,dev}%0a%3c chown www:daemon /var/www/tmp%0a%3c touch /var/www/dev/null%0a
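Review bot: `touch /var/www/dev/null` creates an empty regular file, not the null device, so it only behaves like /dev/null for reads; created as root, as the page's script is, it is also not writable by a script running as www. Say in the text which case the page needs, or create a real device node where the filesystem's mount options allow one. The new /var/www/tmp is handed to www:daemon without a mode; an explicit chmod would make the intended access clear.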
26
2021-12-17
diff:1634226648:1634226322:=34c34,36%0a%3c cp -p /usr/lib/lib{c,m,perl}.so* /var/www/usr/lib/%0a---%0a> cp /usr/lib/libperl.so.20.0 /var/www/usr/lib/%0a> cp /usr/lib/libm.so.10.1 /var/www/usr/lib/%0a> cp /usr/lib/libc.so.96.0 /var/www/usr/lib/%0a92c94,96%0a%3c cp -p /usr/lib/lib{c,m,perl,pthread,util,z}.so* /var/www/usr/lib/%0a---%0a> cp /usr/lib/libperl.so.20.0 /var/www/usr/lib/%0a> cp /usr/lib/libm.so.10.1 /var/www/usr/lib/%0a> cp /usr/lib/libc.so.96.0 /var/www/usr/lib/%0a
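Review bot: In the 92c94,96 hunk the brace list grows to `lib{c,m,perl,pthread,util,z}.so*`, but the ldd output on the page lists only libperl, libm and libc, and nothing explains why pthread, util and z are needed. Add a sentence saying what requires them and how that was found, so that readers can repeat the check. The `.so*` glob also copies every installed version of each library; note that the copies under /var/www/usr/lib have to be refreshed whenever the system libraries are upgraded.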
29
2021-12-17
diff:1634226322:1634224002:=5c5%0a%3c listen on * port 80%0a---%0a> listen on * port 8080%0a
32
2021-12-17
diff:1634224002:1634221998:=92c92,95%0a%3c mkdir -p /var/www/usr/{bin,lib,libexec,libdata}%0a---%0a> mkdir -p /var/www/usr/bin/%0a> mkdir -p /var/www/usr/lib/%0a> mkdir -p /var/www/usr/libexec/%0a> mkdir -p /var/www/usr/libdata/%0a
35
2021-12-17
diff:1634221998:1614760349:=32c32,34%0a%3c mkdir -p /var/www/usr/{bin,lib,libexec}%0a---%0a> mkdir -p /var/www/usr/bin/%0a> mkdir -p /var/www/usr/lib/%0a> mkdir -p /var/www/usr/libexec/%0a102c104%0a%3c @]%0a---%0a> @]%0a\ No newline at end of file%0a
38
2021-12-17
diff:1614760349:1613878114:=40,46d39%0a%3c @]%0a%3c %0a%3c We need to turn on slowcgi:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable slowcgi%0a%3c $ doas rcctl start slowcgi%0a
41
2021-12-17
diff:1613878114:1613836132:=61,67d60%0a%3c @]%0a%3c %0a%3c Make sure to set the proper permissions:%0a%3c %0a%3c [@%0a%3c $ doas chown -R www:daemon /var/www/htdocs/perl/%0a%3c $ doas chmod +x /var/www/htdocs/perl/index.pl%0a
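Review bot: `doas chown -R www:daemon /var/www/htdocs/perl/` makes the www account the owner of the scripts that are run under it, so a flaw in any one script lets that account rewrite all of them. Keeping the files owned by root and giving www only read and execute access (for example mode 0755 on index.pl) does what the page needs without making the scripts writable by www.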
47
2021-12-17
diff:1613836122:1613835464:=29,30c29,30%0a%3c So I start with this initial guess to build the chroot. I run the following as root:%0a%3c %0a---%0a> So we run the following as root:%0a> %0a44,90c44%0a%3c $ doas chroot -u www -g daemon /var/www perl%0a%3c %0a%3c I test some random gibberish to make sure perl works inside the chroot:%0a%3c %0a%3c [@%0a%3c print "shibboleth";%0a%3c @]%0a%3c %0a%3c Then ctrl+d to escape; and since it echoes @@shibboleth@@, it works.%0a%3c %0a%3c Now I put an index.pl in /var/www/htdocs/perl/ just to see if the web server loads it:%0a%3c %0a%3c [@%0a%3c #!/usr/bin/perl -w%0a%3c use strict;%0a%3c print "Content-Type:text/html\n\n";%0a%3c print "This is the index file for perl.oddprotocol.cf\n";%0a%3c @]%0a%3c %0a%3c At this point I try running this command:%0a%3c %0a%3c [@%0a%3c $ curl example.ircnow.org:8080/index.pl%0a%3c @]%0a%3c %0a%3c I get a 500 Internal Error, which means perl is not able to execute properly.%0a%3c %0a%3c So I search for missing perl libraries:%0a%3c %0a%3c [@%0a%3c $ doas find / -iname '*perl*'%0a%3c @]%0a%3c %0a%3c The interesting one is the folder /usr/libdata/perl5 . We definitely need these libraries, so I update my script for creating the chroot:%0a%3c %0a%3c [@%0a%3c mkdir -p /var/www/usr/bin/%0a%3c mkdir -p /var/www/usr/lib/%0a%3c mkdir -p /var/www/usr/libexec/%0a%3c mkdir -p /var/www/usr/libdata/%0a%3c cp /usr/bin/perl /var/www/usr/bin/%0a%3c cp /usr/lib/libperl.so.20.0 /var/www/usr/lib/%0a%3c cp /usr/lib/libm.so.10.1 /var/www/usr/lib/%0a%3c cp /usr/lib/libc.so.96.0 /var/www/usr/lib/%0a%3c cp /usr/libexec/ld.so /var/www/usr/libexec/%0a%3c cp -R /usr/libdata/perl5 /var/www/usr/libdata/%0a%3c @]%0a\ No newline at end of file%0a---%0a> $ doas chroot -u www -g daemon /var/www perl%0a\ No newline at end of file%0a
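Review bot: After the 500 response the text goes straight to `doas find / -iname '*perl*'`, which searches the whole filesystem by name and does not show what actually failed. Running the script inside the chroot the same way the earlier test does, e.g. `doas chroot -u www -g daemon /var/www /usr/bin/perl /htdocs/perl/index.pl`, would print Perl's own error and name the missing file. `cp -R /usr/libdata/perl5` then copies the whole module tree into the chroot; say whether the full set is intended or only what index.pl loads.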
53
2021-12-17
diff:1613835412:1613835047:=15,44c15%0a%3c @]%0a%3c %0a%3c To figure out what files need to be copied into the chroot:%0a%3c %0a%3c $ ldd /usr/bin/perl %0a%3c /usr/bin/perl:%0a%3c Start End Type Open Ref GrpRef Name%0a%3c 0000022622dc8000 0000022622dcd000 exe 1 0 0 /usr/bin/perl%0a%3c 000002285bdc7000 000002285c133000 rlib 0 1 0 /usr/lib/libperl.so.20.0%0a%3c 00000228c7de6000 00000228c7e16000 rlib 0 2 0 /usr/lib/libm.so.10.1%0a%3c 000002282f00d000 000002282f101000 rlib 0 2 0 /usr/lib/libc.so.96.0%0a%3c 0000022914fb2000 0000022914fb2000 ld.so 0 1 0 /usr/libexec/ld.so%0a%3c %0a%3c %0a%3c So we run the following as root:%0a%3c %0a%3c [@%0a%3c mkdir -p /var/www/usr/bin/%0a%3c mkdir -p /var/www/usr/lib/%0a%3c mkdir -p /var/www/usr/libexec/%0a%3c cp /usr/bin/perl /var/www/usr/bin/%0a%3c cp /usr/lib/libperl.so.20.0 /var/www/usr/lib/%0a%3c cp /usr/lib/libm.so.10.1 /var/www/usr/lib/%0a%3c cp /usr/lib/libc.so.96.0 /var/www/usr/lib/%0a%3c cp /usr/libexec/ld.so /var/www/usr/libexec/%0a%3c @]%0a%3c %0a%3c Then we run:%0a%3c %0a%3c $ doas chroot -u www -g daemon /var/www perl%0a\ No newline at end of file%0a---%0a> @]%0a\ No newline at end of file%0a
56
2021-12-17
diff:1613835047:1613835047:=1,15d0%0a%3c In /etc/httpd.conf:%0a%3c %0a%3c [@%0a%3c server "example.ircnow.org" {%0a%3c listen on * port 8080%0a%3c root "/htdocs/perl"%0a%3c location "*.pl" { %0a%3c fastcgi%0a%3c }%0a%3c location "/.well-known/acme-challenge/*" {%0a%3c root "/acme"%0a%3c request strip 2%0a%3c }%0a%3c }%0a%3c @]%0a\ No newline at end of file%0a