ARMv7l 플랫폼, 즉 BusyBox에 일부 정적 바이너리(Kobo eReader, InkBox OS 프로젝트 참조)가 포함된 chroot가 있습니다. 루트로서의 chroot는 잘 작동합니다.
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# env PATH=/system-bin /tmp/chroot /data/onboard/.apps/Sanki/ /app-temp/busybox sh
kobo:/# whoami
whoami: unknown uid 0 #### I am root
kobo:/#
그런 다음 다음 옵션을 통해 권한이 없는 사용자로 chroot에 로그인을 시도했습니다 --userspec
.
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# env PATH=/system-bin /tmp/chroot --userspec=user:user /data/onboard/.apps/Sanki/ /app-temp/busybox sh
chroot: failed to run command ‘/app-temp/busybox’: Permission denied
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki#
스택 추적:
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# strace env PATH=/system-bin /tmp/chroot --userspec=user:user /data/onboard/.apps/Sanki/ /system-bin/busybox sh
execve("/usr/bin/env", ["env", "PATH=/system-bin", "/tmp/chroot", "--userspec=user:user", "/data/onboard/.apps/Sanki/", "/system-bin/busybox", "sh"], 0x7e8f5cf8 /* 17 vars */) = 0
set_tls(0x2ad13388) = 0
set_tid_address(0x2ad13f3c) = 3925
brk(NULL) = 0x2abcd000
brk(0x2abcf000) = 0x2abcf000
mmap2(0x2abcd000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2abcd000
open("/etc/ld-musl-armhf.path", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/libacl.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7eafe5f8) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=17616, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0h\22\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 86016, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2abcf000
mmap2(0x2abe2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3000) = 0x2abe2000
close(3) = 0
open("/lib/libattr.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7eafe5f8) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=13480, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\320\r\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 81920, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2abe4000
mmap2(0x2abf6000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0x2abf6000
close(3) = 0
mprotect(0x2abe2000, 4096, PROT_READ) = 0
mprotect(0x2abf6000, 4096, PROT_READ) = 0
mprotect(0x2abb5000, 24576, PROT_READ) = 0
prctl(PR_SET_NAME, "env") = 0
prctl(PR_SET_KEEPCAPS, 2125458926) = -1 EINVAL (Invalid argument)
execve("/tmp/chroot", ["/tmp/chroot", "--userspec=user:user", "/data/onboard/.apps/Sanki/", "/system-bin/busybox", "sh"], 0x7eafecf4 /* 17 vars */) = 0
set_tls(0x2acff388) = 0
set_tid_address(0x2acfff3c) = 3925
brk(NULL) = 0x2ac75000
brk(0x2ac77000) = 0x2ac75000
mmap2(NULL, 8192, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab4b000
mprotect(0x2ab4c000, 4096, PROT_READ|PROT_WRITE) = 0
open("/etc/ld-musl-armhf.path", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/libacl.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7e811648) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=17616, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0h\22\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 86016, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2ad00000
mmap2(0x2ad13000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3000) = 0x2ad13000
close(3) = 0
open("/lib/libattr.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7e811648) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=13480, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\320\r\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 81920, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2aaf1000
mmap2(0x2ab03000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0x2ab03000
close(3) = 0
mprotect(0x2ad13000, 4096, PROT_READ) = 0
mprotect(0x2ab03000, 4096, PROT_READ) = 0
mprotect(0x2ac5d000, 24576, PROT_READ) = 0
prctl(PR_SET_NAME, "/tmp/chroot") = 0
prctl(PR_SET_KEEPCAPS, 2122391093) = -1 EINVAL (Invalid argument)
mmap2(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaec000
statx(AT_FDCWD, "/data", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7e8119b0) = -1 ENOSYS (Function not implemented)
lstat64("/data", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
statx(AT_FDCWD, "/data/onboard", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7e8119b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard", {st_mode=S_IFDIR|0755, st_size=6656, ...}) = 0
statx(AT_FDCWD, "/data/onboard/.apps", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7e8119b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard/.apps", {st_mode=S_IFDIR|0755, st_size=512, ...}) = 0
statx(AT_FDCWD, "/data/onboard/.apps/Sanki", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7e8119b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard/.apps/Sanki", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
munmap(0x2aaec000, 16384) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aac0000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:0:root:/root:/bin/ash\nb"..., 1024) = 1024
read(3, "mail:/sbin/nologin\nntp:x:123:123"..., 1024) = 302
close(3) = 0
munmap(0x2aac0000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac4d000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 1024) = 730
close(3) = 0
munmap(0x2ac4d000, 4096) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab7d000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:0:root:/root:/bin/ash\nb"..., 1024) = 1024
read(3, "mail:/sbin/nologin\nntp:x:123:123"..., 1024) = 302
close(3) = 0
munmap(0x2ab7d000, 4096) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aac7000
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24) = -1 ENOENT (No such file or directory)
close(3) = 0
munmap(0x2aac7000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aacc000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 1024) = 730
read(3, "", 1024) = 0
close(3) = 0
munmap(0x2aacc000, 4096) = 0
chroot("/data/onboard/.apps/Sanki/") = 0
chdir("/") = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aacd000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user::1000:1000:user:/root:/syst"..., 1024) = 42
close(3) = 0
munmap(0x2aacd000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab7e000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user:x:1000:\n", 1024) = 13
close(3) = 0
munmap(0x2ab7e000, 4096) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac4d000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user::1000:1000:user:/root:/syst"..., 1024) = 42
close(3) = 0
munmap(0x2ac4d000, 4096) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac4d000
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24) = -1 ENOENT (No such file or directory)
close(3) = 0
munmap(0x2ac4d000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab0b000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user:x:1000:\n", 1024) = 13
read(3, "", 1024) = 0
close(3) = 0
munmap(0x2ab0b000, 4096) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setgroups32(1, [1000]) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setgid32(1000) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setuid32(1000) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
execve("/system-bin/busybox", ["/system-bin/busybox", "sh"], 0x7e811d3c /* 17 vars */) = -1 EACCES (Permission denied)
fcntl64(1, F_GETFL) = 0x20002 (flags O_RDWR|O_LARGEFILE)
writev(2, [{iov_base="chroot: ", iov_len=8}, {iov_base=NULL, iov_len=0}], 2chroot: ) = 8
writev(2, [{iov_base="failed to run command \342\200\230/system"..., iov_len=47}, {iov_base=NULL, iov_len=0}], 2failed to run command ‘/system-bin/busybox’) = 47
writev(2, [{iov_base=": Permission denied", iov_len=19}, {iov_base=NULL, iov_len=0}], 2: Permission denied) = 19
writev(2, [{iov_base="", iov_len=0}, {iov_base="\n", iov_len=1}], 2
) = 1
close(1) = 0
close(2) = 0
exit_group(126) = ?
+++ exited with 126 +++
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# strace env PATH=/system-bin /tmp/chroot --userspec=user:user /data/onboard/.apps/Sanki/ /app-temp/busybox sh
execve("/usr/bin/env", ["env", "PATH=/system-bin", "/tmp/chroot", "--userspec=user:user", "/data/onboard/.apps/Sanki/", "/app-temp/busybox", "sh"], 0x7ec2bcf8 /* 17 vars */) = 0
set_tls(0x2ad36388) = 0
set_tid_address(0x2ad36f3c) = 3929
brk(NULL) = 0x2abef000
brk(0x2abf1000) = 0x2abf1000
mmap2(0x2abef000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2abef000
open("/etc/ld-musl-armhf.path", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/libacl.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7ebfe608) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=17616, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0h\22\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 86016, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2abf1000
mmap2(0x2ac04000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3000) = 0x2ac04000
close(3) = 0
open("/lib/libattr.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7ebfe608) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=13480, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\320\r\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 81920, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2ac06000
mmap2(0x2ac18000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0x2ac18000
close(3) = 0
mprotect(0x2ac04000, 4096, PROT_READ) = 0
mprotect(0x2ac18000, 4096, PROT_READ) = 0
mprotect(0x2abd7000, 24576, PROT_READ) = 0
prctl(PR_SET_NAME, "env") = 0
prctl(PR_SET_KEEPCAPS, 2126507504) = -1 EINVAL (Invalid argument)
execve("/tmp/chroot", ["/tmp/chroot", "--userspec=user:user", "/data/onboard/.apps/Sanki/", "/app-temp/busybox", "sh"], 0x7ebfed04 /* 17 vars */) = 0
set_tls(0x2ad7d388) = 0
set_tid_address(0x2ad7df3c) = 3929
brk(NULL) = 0x2ac45000
brk(0x2ac47000) = 0x2ac47000
mmap2(0x2ac45000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2ac45000
open("/etc/ld-musl-armhf.path", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/lib/libacl.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7eab9648) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=17616, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0h\22\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 86016, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2ab0a000
mmap2(0x2ab1d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x3000) = 0x2ab1d000
close(3) = 0
open("/lib/libattr.so.1", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_EMPTY_PATH, STATX_BASIC_STATS, 0x7eab9648) = -1 ENOSYS (Function not implemented)
fstat64(3, {st_mode=S_IFREG|0755, st_size=13480, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\320\r\0\0004\0\0\0"..., 936) = 936
mmap2(NULL, 81920, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2aab3000
mmap2(0x2aac5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x2000) = 0x2aac5000
close(3) = 0
mprotect(0x2ab1d000, 4096, PROT_READ) = 0
mprotect(0x2aac5000, 4096, PROT_READ) = 0
mprotect(0x2ac2d000, 24576, PROT_READ) = 0
prctl(PR_SET_NAME, "/tmp/chroot") = 0
prctl(PR_SET_KEEPCAPS, 2125176375) = -1 EINVAL (Invalid argument)
mmap2(NULL, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab1f000
statx(AT_FDCWD, "/data", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7eab99b0) = -1 ENOSYS (Function not implemented)
lstat64("/data", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
statx(AT_FDCWD, "/data/onboard", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7eab99b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard", {st_mode=S_IFDIR|0755, st_size=6656, ...}) = 0
statx(AT_FDCWD, "/data/onboard/.apps", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7eab99b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard/.apps", {st_mode=S_IFDIR|0755, st_size=512, ...}) = 0
statx(AT_FDCWD, "/data/onboard/.apps/Sanki", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_BASIC_STATS, 0x7eab99b0) = -1 ENOSYS (Function not implemented)
lstat64("/data/onboard/.apps/Sanki", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
munmap(0x2ab1f000, 16384) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aad1000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:0:root:/root:/bin/ash\nb"..., 1024) = 1024
read(3, "mail:/sbin/nologin\nntp:x:123:123"..., 1024) = 302
close(3) = 0
munmap(0x2aad1000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aad2000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 1024) = 730
close(3) = 0
munmap(0x2aad2000, 4096) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aad4000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:0:root:/root:/bin/ash\nb"..., 1024) = 1024
read(3, "mail:/sbin/nologin\nntp:x:123:123"..., 1024) = 302
close(3) = 0
munmap(0x2aad4000, 4096) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac1d000
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24) = -1 ENOENT (No such file or directory)
close(3) = 0
munmap(0x2ac1d000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab47000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 1024) = 730
read(3, "", 1024) = 0
close(3) = 0
munmap(0x2ab47000, 4096) = 0
chroot("/data/onboard/.apps/Sanki/") = 0
chdir("/") = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aac8000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user::1000:1000:user:/root:/syst"..., 1024) = 42
close(3) = 0
munmap(0x2aac8000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac1d000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user:x:1000:\n", 1024) = 13
close(3) = 0
munmap(0x2ac1d000, 4096) = 0
open("/etc/passwd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ab3c000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user::1000:1000:user:/root:/syst"..., 1024) = 42
close(3) = 0
munmap(0x2ab3c000, 4096) = 0
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac1d000
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 24) = -1 ENOENT (No such file or directory)
close(3) = 0
munmap(0x2ac1d000, 4096) = 0
open("/etc/group", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2aaf2000
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
read(3, "user:x:1000:\n", 1024) = 13
read(3, "", 1024) = 0
close(3) = 0
munmap(0x2aaf2000, 4096) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setgroups32(1, [1000]) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setgid32(1000) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setuid32(1000) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
execve("/app-temp/busybox", ["/app-temp/busybox", "sh"], 0x7eab9d3c /* 17 vars */) = -1 EACCES (Permission denied)
fcntl64(1, F_GETFL) = 0x20002 (flags O_RDWR|O_LARGEFILE)
writev(2, [{iov_base="chroot: ", iov_len=8}, {iov_base=NULL, iov_len=0}], 2chroot: ) = 8
writev(2, [{iov_base="failed to run command \342\200\230/app-te"..., iov_len=45}, {iov_base=NULL, iov_len=0}], 2failed to run command ‘/app-temp/busybox’) = 45
writev(2, [{iov_base=": Permission denied", iov_len=19}, {iov_base=NULL, iov_len=0}], 2: Permission denied) = 19
writev(2, [{iov_base="", iov_len=0}, {iov_base="\n", iov_len=1}], 2
) = 1
close(1) = 0
close(2) = 0
exit_group(126) = ?
+++ exited with 126 +++
[chroot]/etc/passwd
:
user::1000:1000:user:/root:/system-bin/sh
[chroot]/etc/group
:
user:x:1000:
권한:
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# ls -ld app-temp
drwxrwxrwt 2 user user 80 Jun 11 19:26 app-temp
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki# ls -l app-temp/
total 2660
-rwxr-xr-x 1 user user 1509048 Jun 11 18:52 busybox
kobo:/kobo/mnt/onboard/onboard/.apps/Sanki#
su user -s /system-bin/sh
chroot에서 루트로 작업을 시도하면 동일한 "권한 거부" 오류가 발생합니다.
무슨 문제가 있는지 아시나요? 감사해요!
답변1
문제의 원인을 찾았습니다. 제가 가지고 있는 일부 장치의 커널이 XZ 압축을 지원하기에는 너무 오래되었기 때문에 Squashfuse를 사용하여 SquashFS 파일을 마운트하고 있었습니다. allow_other
다른 사용자가 마운트된 아카이브(chroot가 있는 위치)의 파일에 액세스할 수 있도록 이 옵션을 지정하는 것을 잊었습니다 .
마운트 옵션을 squashfuse에 전달하면 문제가 해결되었습니다.