This queue is for tickets about the Net-Daemon-SSL CPAN distribution.

Report information
The Basics
Id: 41441
Status: new
Priority: 0/
Queue: Net-Daemon-SSL

People
Owner: Nobody in particular
Requestors: abelromero [...] hotmail.es
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Net-Daemon-SSL problems when chrooting and u/g id downgrading
Date: Fri, 5 Dec 2008 06:02:53 +0100
To: <bug-Net-Daemon-SSL [...] rt.cpan.org>
From: Abel Romero Pérez <abelromero [...] hotmail.es>
Jai,

I had had problems when playing with Net::Daemon::SSL in jailed environments. If you specify chroot path, user and group conf. options, the module tries to change its gid:uid after the chroot, this is a problem when trying to rule the proogie without worrying about library dependencies since getpwnam, etc... is used to retrieve group and user ids.

I'll try to explain in practice:

-- httpd.conf --
{
    'chroot' => '/home/bar/httpd',
    'facility' => 'daemon',
    'pidfile' => '/httpd.pid',
    'user' => 'httpd',
    'group' => 'httpd',
    'localaddr' => 'localhost',
    'localport' => '9090',
    'mode' => 'single',
    'logfile' => 'STDERR',
    'catchint' => 1,
    'debug' => 1,
    # Access control
    'clients' => [
        # Accept the local
        {
            'mask' => '^*.*.*.*$',
            'accept' => 1
        }
    ]
}
-- httpd.conf --

-- script output --
Fri Dec 5 05:58:52 2008 debug, Server starting in operation mode single
Fri Dec 5 05:58:54 2008 notice, Server starting
Fri Dec 5 05:58:54 2008 debug, Writing PID to /httpd.pid
Fri Dec 5 05:58:54 2008 debug, Changing root directory to /home/bar/httpd
Fri Dec 5 05:58:54 2008 debug, Changing GID to httpd
Fri Dec 5 05:58:54 2008 err, Cannot determine gid of httpd: Función ioctl no apropiada para el dispositivo
Cannot determine gid of httpd: Función ioctl no apropiada para el dispositivo at /usr/local/share/perl/5.8.8/Net/Daemon.pm line 581.
 at /usr/local/share/perl/5.8.8/Net/Daemon/Log.pm line 136.
-- script output --

-- strace output --
chroot("/home/bar/httpd") = 0
. . .
open("/etc/ld.so.cache", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/cmov/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/i686/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/tls/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/i686/cmov/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/i686/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/i486-linux-gnu/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/i486-linux-gnu/libnss_compat.so.2", O_RDONLY) = -1 ENOENT (No such file or directory)
-- strace output --

I had solved the problem just adding a getpwnam("root"); before the daemon object is created so it loads the libraries before. Maybe I'm wrong because there is a "normal way".

Nice work with the mod, keep it running.

Abel Romero.
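
The ordering issue reported in this ticket (name lookups running after chroot(), where libnss_* can no longer be opened) can be avoided by resolving the numeric ids first and using only numbers inside the jail. The following is an added example, not part of the ticket and not Net::Daemon or Net::Daemon::SSL code; the sub names resolve_ids and enter_jail are hypothetical, and the default path and names are the ones from the httpd.conf above.

```perl
#!/usr/bin/perl
# Added example, not Net::Daemon code. Sub names are hypothetical.
use strict;
use warnings;
use POSIX ();

# Resolve names to numeric ids while the real /etc and libnss_* are reachable.
sub resolve_ids {
    my ($user, $group) = @_;
    my $uid = getpwnam($user);     # scalar context returns the uid
    defined $uid or die "Cannot determine uid of $user\n";
    my $gid = getgrnam($group);    # scalar context returns the gid
    defined $gid or die "Cannot determine gid of $group\n";
    return ($uid, $gid);
}

# chroot, then drop privileges using numbers only (no NSS lookup in the jail).
sub enter_jail {
    my ($root, $uid, $gid) = @_;
    chroot($root) or die "chroot($root) failed: $!\n";
    chdir('/')    or die "chdir(/) failed: $!\n";
    # Groups first: once the uid is dropped the process can no longer change them.
    $) = "$gid $gid";              # effective gid, then the list given to setgroups
    defined POSIX::setgid($gid) or die "setgid($gid) failed: $!\n";
    defined POSIX::setuid($uid) or die "setuid($uid) failed: $!\n";
    # Verify the drop took effect and cannot be undone.
    my ($rgid)   = split ' ', $(;
    my @egroups  = split ' ', $);
    die "gid drop incomplete\n" if grep { $_ != $gid } @egroups, $rgid;
    die "uid drop incomplete\n" unless $< == $uid && $> == $uid;
    die "root can be regained\n" if $uid != 0 && defined POSIX::setuid(0);
    return 1;
}

# Defaults are the values from the ticket's httpd.conf; pass three arguments to override.
my ($root, $user, $group) =
    @ARGV == 3 ? @ARGV : ('/home/bar/httpd', 'httpd', 'httpd');
my ($uid, $gid) = resolve_ids($user, $group);
print "resolved before chroot: $user=$uid $group=$gid\n";
if ($> == 0) {
    enter_jail($root, $uid, $gid);
    my ($rgid) = split ' ', $(;
    print "now uid=$< gid=$rgid inside $root\n";
} else {
    print "not root: skipping chroot($root) and the privilege drop\n";
}
```

Run as root it performs the full sequence; run unprivileged it only shows the pre-chroot lookup, which is the step the jail cannot perform without its own copies of the NSS libraries and /etc files.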