[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jailkit-users] jk_lsh: problem with single quotes / requested execu

From: Olivier Sessink
Subject: Re: [Jailkit-users] jk_lsh: problem with single quotes / requested executable not found
Date: Thu, 28 Apr 2011 09:22:20 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20110223 Thunderbird/3.1.8

On 04/20/2011 04:39 PM, Leo wrote:

I'm using jk_lsh in a chroot environment for a webserver. Really great
software! You have no interactive shell within the chroot (for security
reasons) but the application is able to execute system commands anyway.

Now I have a small problem: one of the web applications is passing the
commands with single quotes to jk_lsh. Unfortunately jk_lsh does not
strip the quotes and exits with a "requested executable not found" error:

jk_lsh -c "'/bin/ls' '-l'"

jk_lsh[23012]: jk_lsh version 2.13, started
jk_lsh[23012]: the requested executable '/bin/ls' is not found


jk_lsh -c '/bin/ls -l'
jk_lsh -c "/bin/ls -l"

are working fine.

Regular shells like (ba)sh can handle single quotes in a command:

sh -c "'/bin/ls' '-l'"

Any ideas why jk_lsh does not work with single quotes? Any help would be

I have an idea: it simply doesn't strip quotes. But that doesn't help you. I'm not sure what to do about it. Can you easily fix it on the side of the web application?


Bluefish website http://bluefish.openoffice.nl/
Blog http://oli4444.wordpress.com/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]