Can you chroot the Microsoft FrontPage extensions?

Before you attempt to do this you should first make yourself familiar with both MS FrontPage and chrooting simple CGI scripts.

Here are some basic steps you need to do:

In this example, we're assuming you're chrooting to /web, and that your document root is /web/docroot.

Move /usr/local/frontpage to /web/usr/local/frontpage.
Both the Zeus and Microsoft FrontPage installation programs contain the hard coded path /usr/local/frontpage, so make /usr/local/frontpage a symlink to /web/usr/local/frontpage.
In the CGI module, set the FrontPage jail /web and enable chrooting of CGIs.
Still in the CGI module, set 'Security Configurables' to 'Run CGI as file owner'.
Edit the the virtual server configuration file manually. It will live in $ZEUSHOME/webadmin/conf/sites/[virtual server].
Change modules!frontpage!fphome /usr/local/frontpage
to modules!frontpage!fphome /web/usr/local/frontpage.
Create the directory /web/lib and copy all the libraries that the FrontPage binaries require. This can be done by recursively copying /lib/* to /web/lib or by finding out which ones are required using strace or truss.
Restart the FrontPage virtual server to incorporate the changes you have made.
Verify that your configuration is correct by running $ZEUSHOME/webadmin/bin/fpinst.sh --check on your FrontPage virtual server.

FrontPage should then happily run chrooted. If you have problems, try using strace or truss to work out what is going on. Also check the web server error log and syslog.

It is possible to have multiple, separate chroot'ed directories for each FrontPage-enabled virtual server Further directories will need separate copies of the library files and the /usr/local/frontpage directory.

A possible alternative to replicating the files would be to hardlink to the files in the /web/lib and /web/usr/local/frontpage directories, though this is predicated by all the chroot'ed FrontPage virtual servers having their docroots on the same filesystem.

Content Manager [Administrator] 15 June 2006

2 comments

Comments:

This public messageboard is not a forum for technical support. To report technical support problems, please contact our dedicated Support team using the instructions at the bottom of this page.

Comment from: Stuart Shelton [Zeus Support]

A better way to determine which libraries your chroot gaol needs within it is with the following commands:

find /web/usr/local/frontpage -type f -perm +111 -exec ldd {} 2>/dev/null \; | cut -d "^I" -f 2 | cut -d " " -f 1 | sort | uniq

... where the '^I' character is generated by hitting ctrl+v then ctrl+tab.

This will list all of the libraries required, one per line. Only these libraries need be copied into the gaol.

15 June 2006 @ 18:03

Comment from: Graven [Visitor]

This will helps lots to scripting language security concern. I am really surprising to see this first time and I will implement the same in my virtual server configuration.

SEO Services India

12 January 2012 @ 09:28

Comments are closed for this post.

Recently...

Other Resources

The ZWS Online Support service is provided as is, without warranty or specific endorsement by Zeus Technology. For technical support queries, please contact Zeus Technical Support. Articles and comments may not reflect the views of Zeus Technology. • Disclaimer and Privacy statement.