[scponly] jail on openbsd - patch included

G 0kita goo13c at gmail.com
Thu May 5 10:19:12 EDT 2005 

--  diff included  --

I'm installing scponly on OpenBSD 3.6 and noticed there's a problem
with the make jail script.  Specifically OpenBSD has a different
output for ldd than the script expects.  This creates an empty
LIB_LIST and consequently a non-working jail.

>From Knoppix:
# uname -sr
Linux 2.4.27
# ldd -V
ldd (GNU libc) 2.3.2
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
# ldd /usr/bin/scp
	libresolv.so.2 => /lib/libresolv.so.2 (0x40027000)
	libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7 (0x40039000)
	libutil.so.1 => /lib/libutil.so.1 (0x40138000)
	libz.so.1 => /usr/lib/libz.so.1 (0x4013c000)
	libnsl.so.1 => /lib/libnsl.so.1 (0x4014e000)
	libcrypt.so.1 => /lib/libcrypt.so.1 (0x40163000)
	libc.so.6 => /lib/libc.so.6 (0x40190000)
	libdl.so.2 => /lib/libdl.so.2 (0x402c3000)
	/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

>From OpenBSD:
# uname -sr
OpenBSD 3.6
# head -1 /usr/src/gnu/usr.bin/ld/ldd/ldd.c
/*	$OpenBSD: ldd.c,v 1.13 2002/12/08 16:26:58 millert Exp $	*/
# ldd /usr/bin/scp
/usr/bin/scp:
	Start    End      Type Ref Name
	00000000 00000000 exe   1  /usr/bin/scp
	0ac62000 2ac9a000 rlib  1  /usr/lib/libc.so.34.1
	0b22a000 0b22a000 rtld  1  /usr/libexec/ld.so


So I added a few lines to the setup_chroot.sh which test for uname and
use a different LIB_LIST command.
--warning-- This does require the existance of the command 'tr' (it's
pretty standard).
I also included a commented check for an empty LIB_LIST as an option
so if any other os uses this type of ldd it could get caught.
When run under OpenBSD 3.6 it produces:
/usr/lib/libc.so.34.1 /usr/lib/libcrypto.so.11.0 /usr/libexec/ld.so

Diff follows.

G0kita


#diff -naur setup_chroot.sh setup_chroot.sh_new

--- setup_chroot.sh	Wed May  4 18:06:58 2005
+++ setup_chroot.sh_new	Wed May  4 19:34:30 2005
@@ -68,6 +68,14 @@
 fi
 LIB_LIST=`/usr/bin/ldd $BINARIES 2> /dev/null | /usr/bin/cut -f2 -d\>
| /usr/bin/cut -f1 -d\( | /usr/bin/grep "^ " | /usr/bin/sort -u`
 
+#if [ "x$LIB_LIST" == "x" ]; then
+if [ `uname -s` == "OpenBSD" ]; then
+	for bin in $BINARIES; do
+		GREP_LIST="$GREP_LIST -e $bin"
+	done
+	LIB_LIST=`/usr/bin/ldd $BINARIES 2> /dev/null | /usr/bin/tr -s " " |
/usr/bin/cut -f5 -d" " | /usr/bin/grep -v "^Name" | /usr/bin/grep -v
$GREP_LIST | /usr/bin/sort -u`
+fi
+
 #
 #	we also need to add some form of ld.so, here are some good guesses.
 #

More information about the scponly mailing list