You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Jasbinder Singh Bali <js...@gmail.com> on 2007/04/12 00:49:45 UTC
Demonstration of Chroot when tomcat running in jail
Hi,
How can the Chroot be demostrated in a very simple way without
actually hacking the tomcat.
I just need to show that someone has taken control of tomcat and now
he's in the directory (chroot jail) where tomcat is running but won't
be able to access the actual root of the webserver.
What would a good way to demostrate this.
Any kind of help would be highly appreciated.
Thanks
~Jas
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Demonstration of Chroot when tomcat running in jail
Posted by Lucas Galfaso <lg...@gmail.com>.
Just create a jsp page with a text input that whatever you submit
there is executed at a shell and returns the result.
On 4/11/07, Jasbinder Singh Bali <js...@gmail.com> wrote:
> To clarify it further, I need demonstrate someone entering the chroot jail
> where tomcat is running
> and then he can issue all his commands there but won't be able to see the
> actual root being in chroot jail
>
> On 4/11/07, Jasbinder Singh Bali <js...@gmail.com> wrote:
> >
> > I didn't get that. Can you please explain what are you trying to say here.
> > Thanks
> >
> > On 4/11/07, Tim Lucia <timlucia@yahoo.com > wrote:
> > >
> > > You could create a file, write to it, and observe where it appears.
> > >
> > >
> > > > -----Original Message-----
> > > > From: Jasbinder Singh Bali [mailto:jsbali@gmail.com]
> > > > Sent: Wednesday, April 11, 2007 6:50 PM
> > > > To: users@tomcat.apache.org
> > > > Subject: Demonstration of Chroot when tomcat running in jail
> > > >
> > > > Hi,
> > > > How can the Chroot be demostrated in a very simple way without
> > > > actually hacking the tomcat.
> > > > I just need to show that someone has taken control of tomcat and now
> > > > he's in the directory (chroot jail) where tomcat is running but won't
> > > > be able to access the actual root of the webserver.
> > > > What would a good way to demostrate this.
> > > >
> > > > Any kind of help would be highly appreciated.
> > > >
> > > > Thanks
> > > > ~Jas
> > > >
> > > > ---------------------------------------------------------------------
> > > > To start a new topic, e-mail: users@tomcat.apache.org
> > > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > > For additional commands, e-mail: users-help@tomcat.apache.org
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To start a new topic, e-mail: users@tomcat.apache.org
> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > For additional commands, e-mail: users-help@tomcat.apache.org
> > >
> > >
> >
>
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Demonstration of Chroot when tomcat running in jail
Posted by Jasbinder Singh Bali <js...@gmail.com>.
To clarify it further, I need demonstrate someone entering the chroot jail
where tomcat is running
and then he can issue all his commands there but won't be able to see the
actual root being in chroot jail
On 4/11/07, Jasbinder Singh Bali <js...@gmail.com> wrote:
>
> I didn't get that. Can you please explain what are you trying to say here.
> Thanks
>
> On 4/11/07, Tim Lucia <timlucia@yahoo.com > wrote:
> >
> > You could create a file, write to it, and observe where it appears.
> >
> >
> > > -----Original Message-----
> > > From: Jasbinder Singh Bali [mailto:jsbali@gmail.com]
> > > Sent: Wednesday, April 11, 2007 6:50 PM
> > > To: users@tomcat.apache.org
> > > Subject: Demonstration of Chroot when tomcat running in jail
> > >
> > > Hi,
> > > How can the Chroot be demostrated in a very simple way without
> > > actually hacking the tomcat.
> > > I just need to show that someone has taken control of tomcat and now
> > > he's in the directory (chroot jail) where tomcat is running but won't
> > > be able to access the actual root of the webserver.
> > > What would a good way to demostrate this.
> > >
> > > Any kind of help would be highly appreciated.
> > >
> > > Thanks
> > > ~Jas
> > >
> > > ---------------------------------------------------------------------
> > > To start a new topic, e-mail: users@tomcat.apache.org
> > > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
>
Re: Demonstration of Chroot when tomcat running in jail
Posted by Jasbinder Singh Bali <js...@gmail.com>.
I didn't get that. Can you please explain what are you trying to say here.
Thanks
On 4/11/07, Tim Lucia <ti...@yahoo.com> wrote:
>
> You could create a file, write to it, and observe where it appears.
>
>
> > -----Original Message-----
> > From: Jasbinder Singh Bali [mailto:jsbali@gmail.com]
> > Sent: Wednesday, April 11, 2007 6:50 PM
> > To: users@tomcat.apache.org
> > Subject: Demonstration of Chroot when tomcat running in jail
> >
> > Hi,
> > How can the Chroot be demostrated in a very simple way without
> > actually hacking the tomcat.
> > I just need to show that someone has taken control of tomcat and now
> > he's in the directory (chroot jail) where tomcat is running but won't
> > be able to access the actual root of the webserver.
> > What would a good way to demostrate this.
> >
> > Any kind of help would be highly appreciated.
> >
> > Thanks
> > ~Jas
> >
> > ---------------------------------------------------------------------
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> > For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
RE: Demonstration of Chroot when tomcat running in jail
Posted by Tim Lucia <ti...@yahoo.com>.
You could create a file, write to it, and observe where it appears.
> -----Original Message-----
> From: Jasbinder Singh Bali [mailto:jsbali@gmail.com]
> Sent: Wednesday, April 11, 2007 6:50 PM
> To: users@tomcat.apache.org
> Subject: Demonstration of Chroot when tomcat running in jail
>
> Hi,
> How can the Chroot be demostrated in a very simple way without
> actually hacking the tomcat.
> I just need to show that someone has taken control of tomcat and now
> he's in the directory (chroot jail) where tomcat is running but won't
> be able to access the actual root of the webserver.
> What would a good way to demostrate this.
>
> Any kind of help would be highly appreciated.
>
> Thanks
> ~Jas
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org