Gentoo Forums
cannot chroot static executable
javeree (Guru; Joined: 29 Jan 2006; Posts: 344)
Posted: Fri Sep 12, 2014 3:53 pm    Post subject: cannot chroot static executable

I have downloaded a 32 bit binary on my 32 bit Gentoo. The program runs fine:

Quote:
~/mc2xml_chrootjail $ ./mc2xml -c be -g 2390
Loading ..... : mc2xml (c) <mc2xml@gmail.com> (v1.2)
Reminder .... : Unauthorized redistribution prohibited.
Reminder .... : If this software is useful, please donate!
Reading ..... : mc2xml.dat
Downloading . : microsoft.com
Status ...... : No new data available


Now I want to run this in a chroot, so I do:

Quote:
ldd ./mc2xml
not a dynamic executable

file ./mc2xml
./mc2xml: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped

readelf -a ./mc2xml
ELF Header:
Magic: 7f 45 4c 46 01 01 01 03 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - GNU
ABI Version: 0
Type: EXEC (Executable file)
Machine: Intel 80386
Version: 0x1
Entry point address: 0xdc2528
Start of program headers: 52 (bytes into file)
Start of section headers: 0 (bytes into file)
Flags: 0x0
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 2
Size of section headers: 40 (bytes)
Number of section headers: 0
Section header string table index: 0

There are no sections in this file.

There are no sections to group in this file.

Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x00c01000 0x00c01000 0x1c1cdd 0x1c1cdd R E 0x1000
LOAD 0x000590 0x08417590 0x08417590 0x00000 0x00000 RW 0x1000

There is no dynamic section in this file.

There are no relocations in this file.

The decoding of unwind sections for machine type Intel 80386 is not currently supported.

No version information found in this file.


Then I run su and try to chroot:
Quote:
mc2xml_chrootjail # chroot . ./mc2xml
Loading ..... : mc2xml (c) <mc2xml@gmail.com> (v1.2)
Reminder .... : Unauthorized redistribution prohibited.
Reminder .... : If this software is useful, please donate!
Reading ..... : mc2xml.dat
terminate called after throwing an instance of 'std::length_error'
what(): basic_string::_S_create
Aborted


This happens consistently, so it looks like the chroot changes something that the executable needs. Is there a way to find out what this is? All my attempts failed. All I managed further to do was:
Quote:
chroot . /strace /mc2xml
execve("/mc2xml", ["/mc2xml"], [/* 45 vars */]) = 0
old_mmap(0xdc3000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0xdc3000) = 0xdc3000
readlink("/proc/self/exe", 0xbfd24524, 4096) = -1 ENOENT (No such file or directory)
old_mmap(0x8048000, 3839876, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8048000
mprotect(0x8048000, 3839873, PROT_READ|PROT_EXEC) = 0
old_mmap(0x83f3000, 70763, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x83f3000
mprotect(0x83f3000, 70760, PROT_READ|PROT_WRITE) = 0
old_mmap(0x8405000, 75152, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8405000
brk(0x8418000) = 0x996b000
munmap(0xc02000, 1843200) = 0
uname({sys="Linux", node="Hermes", ...}) = 0
brk(0) = 0x996b000
brk(0x996bcc0) = 0x996bcc0
set_thread_area({entry_number:-1 -> 6, base_addr:0x996b840, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
brk(0x998ccc0) = 0x998ccc0
brk(0x998d000) = 0x998d000
time(NULL) = 1410535837
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory)
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 7), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7712000
write(1, "Loading ..... : mc2xml (c) <mc2x"..., 53Loading ..... : mc2xml (c) <mc2xml@gmail.com> (v1.2)
) = 53
write(1, "Reminder .... : Unauthorized red"..., 56Reminder .... : Unauthorized redistribution prohibited.
) = 56
write(1, "Reminder .... : If this software"..., 59Reminder .... : If this software is useful, please donate!
) = 59
open("mc2xml.dat", O_RDONLY|O_LARGEFILE) = 3
write(1, "Reading ..... : mc2xml.dat\n", 27Reading ..... : mc2xml.dat
) = 27
read(3, "Telenet Analog Kabel (incl. Loen"..., 8191) = 104
read(3, "", 8191) = 0
close(3) = 0
time(NULL) = 1410535837
getpid() = 29358
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
open("/dev/random", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
open("/dev/srandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
socket(PF_LOCAL, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/egd-pool"}, 19) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_LOCAL, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/dev/egd-pool"}, 15) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_LOCAL, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/etc/egd-pool"}, 15) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_LOCAL, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_LOCAL, sun_path="/etc/entropy"}, 14) = -1 ENOENT (No such file or directory)
close(3) = 0
getuid32() = 0
time(NULL) = 1410535837
write(2, "terminate called after throwing "..., 48terminate called after throwing an instance of ') = 48
write(2, "std::length_error", 17std::length_error) = 17
write(2, "'\n", 2'
) = 2
write(2, " what(): ", 11 what(): ) = 11
write(2, "basic_string::_S_create", 23basic_string::_S_create) = 23
write(2, "\n", 1
) = 1
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
tgkill(29358, 29358, SIGABRT) = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=29358, si_uid=0} ---
+++ killed by SIGABRT +++
Aborted
steveL (Watchman; Joined: 13 Sep 2006; Posts: 5153; Location: The Peanut Gallery)
Posted: Fri Sep 12, 2014 6:07 pm

It needs a random device:
Code:
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
open("/dev/random", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
open("/dev/srandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
# ..continues with non-Linux variants

That's why the handbook has instructions for mounting /proc, /dev, and /sys in the /mnt/gentoo chroot:
Code:
mount -t proc proc "$CHROOT/proc"
mount --rbind /sys "$CHROOT/sys"
mount --rbind /dev "$CHROOT/dev"

If you prefer you can just:
Code:
mount --bind /dev/urandom "$CHROOT/dev/urandom"
mount --bind /dev/random "$CHROOT/dev/random"
..as part of your startup script, though it may well need other things.
For instance: /dev/null is pretty essential, /dev/zero and /dev/console are also usually needed.

The traditional method is to use mknod or the MKNOD(iirc) wrapper to make essential devices. However if you just want it to run as if it were under your machine, use the full sequence above.
javeree (Guru; Joined: 29 Jan 2006; Posts: 344)
Posted: Fri Sep 19, 2014 8:06 am

That seems to have done the trick (there's still an error, but that error also happens outside the chroot, so unrelated to this post)

It's funny that there are quite some places that explain chrooting and using ldd to find dependencies and import them in the chroot, but most seem to forget about /dev/ et al.
Is there a systematic way to find out which /dev/ nodes a program uses (I doubt it, given that these are just file handles)? I would assume that when using chroot to isolate a program, you don't want to expose all /dev/ nodes, but only the ones needed, so it would be good if there were a trick to list which ones are used.
steveL (Watchman; Joined: 13 Sep 2006; Posts: 5153; Location: The Peanut Gallery)
Posted: Fri Sep 19, 2014 9:44 am

javeree wrote:
Is there a systematic way to find out which /dev/ nodes a program uses (I doubt it, given that these are just file handles)? I would assume that when using chroot to isolate a program, you don't want to expose all /dev/ nodes, but only the ones needed, so it would be good if there were a trick to list which ones are used.

Use strace -e trace=file
cf: man 1 strace
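The strace approach from the last reply, worked through on lines from the trace in the first post (an added example, not code from the thread): it reduces a saved trace to the absolute paths the program looked for and did not find, so only those need to be provided inside the chroot. The helper names `missing_paths`, `missing_under` and `sample_trace` are hypothetical, and the trace is assumed to have been saved to a file with strace's `-o` option.

```shell
#!/bin/sh
# Added example: list the absolute paths a traced program asked for and did
# not find (ENOENT), e.g. device nodes missing from a chroot.

# missing_paths LOGFILE -> unique absolute paths that failed with ENOENT.
missing_paths() {
    awk '
        / = -1 ENOENT / {
            # Take the first double-quoted argument that is an absolute path.
            # This covers open("/dev/..."), readlink("/proc/...") and
            # connect(..., sun_path="/var/run/..."); the connect() lines only
            # appear in an unfiltered trace, not with -e trace=file.
            if (match($0, /"\/[^"]*"/))
                print substr($0, RSTART + 1, RLENGTH - 2)
        }
    ' "$1" | sort -u
}

# missing_under LOGFILE PREFIX -> only the misses below PREFIX (e.g. /dev).
missing_under() {
    missing_paths "$1" | grep "^$2/" || true
}

# Constructed sample: lines taken from the trace in the first post, with one
# line repeated to show de-duplication.
sample_trace() {
    cat <<'EOF'
readlink("/proc/self/exe", 0xbfd24524, 4096) = -1 ENOENT (No such file or directory)
open("/etc/localtime", O_RDONLY) = -1 ENOENT (No such file or directory)
open("mc2xml.dat", O_RDONLY|O_LARGEFILE) = 3
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
open("/dev/random", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = -1 ENOENT (No such file or directory)
connect(3, {sa_family=AF_LOCAL, sun_path="/var/run/egd-pool"}, 19) = -1 ENOENT (No such file or directory)
EOF
}

# Stand-alone use: sh thisfile.sh trace.log (with no argument, use the sample).
log=${1:-}
if [ -z "$log" ]; then log=$(mktemp); sample_trace > "$log"; fi
missing_under "$log" /dev
```

A path that shows up as missing is only a candidate: as this trace shows, a program may probe several fallbacks (`/dev/urandom`, `/dev/random`, `/dev/srandom`, the egd sockets) and need just one of them.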