[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] jk_lsh: problem with single quotes / requested execu
|
From: |
Leo |
|
Subject: |
Re: [Jailkit-users] jk_lsh: problem with single quotes / requested executable not found |
|
Date: |
Tue, 03 May 2011 08:53:04 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10 |
On 04/28/2011 09:22 AM, Olivier Sessink wrote:
> On 04/20/2011 04:39 PM, Leo wrote:
>> Hello,
>>
>> I'm using jk_lsh in a chroot environment for a webserver. Really great
>> software! You have no interactive shell within the chroot (for security
>> reasons) but the application is able to execute system commands anyway.
>>
>> Now I have a small problem: one of the web applications is passing the
>> commands with single quotes to jk_lsh. Unfortunately jk_lsh does not
>> strip the quotes and exits with a "requested executable not found"
>> error:
>>
>> jk_lsh -c "'/bin/ls' '-l'"
>>
>> jk_lsh[23012]: jk_lsh version 2.13, started
>> jk_lsh[23012]: the requested executable '/bin/ls' is not found
>>
>> whereas
>>
>> jk_lsh -c '/bin/ls -l'
>> and
>> jk_lsh -c "/bin/ls -l"
>>
>> are working fine.
>>
>> Regular shells like (ba)sh can handle single quotes in a command:
>>
>> sh -c "'/bin/ls' '-l'"
>>
>> Any ideas why jk_lsh does not work with single quotes? Any help would be
>> appreciated!
>
> I have an idea: it simply doesn't strip quotes. But that doesn't help
> you. I'm not sure what to do about it. Can you easily fix it on the
> side of the web application?
>
> Olivier
>
Thanks for your reply. Unfortunately it is not possible to fix the web
application. It is a out-of-the-box CMS system. But wouldn't it make
sense to patch the jailkit shell that it strips the quotes? Then it will
behave like other (standard) shells. This is what people would expect I
think.
Leo
- Re: [Jailkit-users] jk_lsh: problem with single quotes / requested executable not found,
Leo <=