[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] jk_lsh: problem with single quotes / requested execu
Re: [Jailkit-users] jk_lsh: problem with single quotes / requested executable not found
Thu, 28 Apr 2011 09:22:20 +0200
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:188.8.131.52) Gecko/20110223 Thunderbird/3.1.8
On 04/20/2011 04:39 PM, Leo wrote:
I'm using jk_lsh in a chroot environment for a webserver. Really great
software! You have no interactive shell within the chroot (for security
reasons) but the application is able to execute system commands anyway.
Now I have a small problem: one of the web applications is passing the
commands with single quotes to jk_lsh. Unfortunately jk_lsh does not
strip the quotes and exits with a "requested executable not found" error:
jk_lsh -c "'/bin/ls' '-l'"
jk_lsh: jk_lsh version 2.13, started
jk_lsh: the requested executable '/bin/ls' is not found
jk_lsh -c '/bin/ls -l'
jk_lsh -c "/bin/ls -l"
are working fine.
Regular shells like (ba)sh can handle single quotes in a command:
sh -c "'/bin/ls' '-l'"
Any ideas why jk_lsh does not work with single quotes? Any help would be
I have an idea: it simply doesn't strip quotes. But that doesn't help
you. I'm not sure what to do about it. Can you easily fix it on the side
of the web application?
Bluefish website http://bluefish.openoffice.nl/