Date:      Thu, 21 Mar 2002 3:3:14 +1000
From:      Richard <guyuan@telpacific.com.au>
To:        "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject:   CGIwrap's chroot
Message-ID:  <200203201553.g2KFrgd20864@sydmail3.telpacific.com.au>


I am working on CGIWrap these days. I installed it
because I want to limit the users to certain directories.
But I can't work this out.

All my virtual hosts are under the directory /home/clients
eg. /home/clients/site1, /home/clients/site2
all these sites' html files are located in
/home/clients/username/http
and the cgi-bin directory is at
/home/clients/username/cgi-bin

All these users are in the same group 'clients'.

I configure the cgiwrap with
./configure --with-cgi-dir=cgi-bin --with-install-dir=/usr/local/cgiwrap --with-httpd-user=nobody --with-install-group=wheel --with-chroot=../..
Then compile it.

I added the following settings in my httpd.conf in apache
<VirtualHost 192.168.0.2>
DocumentRoot /home/clients/123
ServerName site123
ScriptAlias /cgi-bin/ /usr/local/cgiwrap/
UserDir http
ScriptAliasMatch ~(.*)/cgi-bin/(.*) /home/clients/$1/cgi-bin/$2
</VirtualHost>

I use http://site123/cgi-bin/cgiwrap/123/env.cgi to test. Everything
seems to be well. However, I noticed that I can still go to
/ or /usr by using system() or readdir. I want to limit the CGI under /home/clients.
Obviously, the chrooting is not working properly.

Then I tried 
--with-chroot=/					CGI can execute, but no chroot
--with-chroot=..				CGI can't execute
--with-chroot=/home/clients		CGI can't execute

I tried sbox, with configuration
#define ROOT "../.."
#define CGI_BIN "../cgi-bin"
Everything goes well, and I can limit the users in a directory.
However, sbox does not seem to support a lot of Perl scripts.
Many scripts can't execute after I installed sbox.

Does anyone know how to work out the chroot in CGIwrap?

Any help would be much appreciated.

Thank you.

