0

I tried some Perl examples of Unix domain sockets using abstract names. I created a socket whose name starts with a null character:

my $socket_path = "\0wibble";

Using netstat -nlp I can see the socket:

unix  2      [ ACC ]     STREAM     LISTENING     309510   3448/perl            @wibble

In the examples everything works, but...
I want to use FastCGI in nginx with Unix domain sockets using abstract names:

So in nginx.conf:

Using       fastcgi_pass  "/tmp/wibble"; #is Ok
But using       fastcgi_pass  "unix:Any_name"; #is not Ok!!

I tried \0wibble \zwibble \x{0}wibble and it didn't work!

At fastcgi-wrapper.pl I tried:

Using        $socket = FCGI::OpenSocket( "/tmp/wibble", 10 ); #is Ok
But using       fastcgi_pass  "unix:Any_name"; #is not Ok!!

I tried \0wibble \zwibble \x{0}wibble and it didn't work!

BTW: I want to use chroot on nginx and chroot in Perl, so I cannot use a filesystem socket, as it would be a path out of the jail and a security flaw...

Weber K.
  • In Linux, if the name starts with null it is an Abstract Name, as described in unix(7). – Weber K. Apr 24 '13 at 04:51
  • I am trying to execute a Perl CGI script. Both Perl and nginx are chrooted. So I don't want to hard link a Unix domain socket using the filesystem, as this can be exploited. I want to use an Abstract Name, but I can't make it work! – Weber K. Apr 24 '13 at 04:55

1 Answer

1

nginx doesn't support abstract sockets (as of today). However an unofficial patch exists which provides this support. Once applied, you can refer to an abstract socket as @wibble. If you use this patch, be sure to read the entire nginx forum thread regarding it, as it refers to various changes made to the patch.

Michael Hampton
  • I am sad I will need to recompile it, but I am glad it exists. Thank you very much! – Weber K. Apr 24 '13 at 05:13
  • Hi! I think we also have another alternative... Instead of moving from FCGI to uWSGI, I could also try to chroot twice (nested chroot)... This way the pathname is out of the second jail, but it is inside the first... But I haven't tested if this can be exploited easily... I am sure the second jail can be exited, but I need to research escaping from the first jail... – Weber K. Apr 24 '13 at 19:24
  • Hi again! I've discovered that using socat I can relay between pathname or abstract namespace named sockets! This way I can relay from the jail to an abstract socket! Thank you @michael-hampton! – Weber K. Apr 26 '13 at 02:01
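
An added example, not part of the question, the answer or the comments above: an abstract socket has no filesystem entry, so file permissions and the chroot boundary do not restrict who may connect; any process in the same network namespace can. The Python sketch below (Linux only) binds an abstract name and has the listener check the peer's UID with SO_PEERCRED before answering. The socket name and the UID allow-list are assumptions made for this illustration.

```python
import os
import socket
import struct
import threading

# Leading NUL byte selects the Linux abstract namespace (see unix(7)).
# The name is hypothetical; the PID suffix keeps repeated runs from clashing.
ABSTRACT_NAME = b"\0wibble-example-%d" % os.getpid()

UCRED = struct.Struct("iII")  # struct ucred: pid_t pid, uid_t uid, gid_t gid


def peer_credentials(conn):
    """Return (pid, uid, gid) of the connected peer, as recorded by the kernel."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, UCRED.size)
    return UCRED.unpack(raw)


def serve_once(listener, allowed_uids):
    """Accept one connection and answer only if the peer's UID is allow-listed."""
    conn, _ = listener.accept()
    with conn:
        _pid, uid, _gid = peer_credentials(conn)
        conn.sendall(b"OK\n" if uid in allowed_uids else b"DENIED\n")


def demo(allowed_uids):
    """Bind the abstract socket, connect to it once, return the server's reply."""
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    listener.bind(ABSTRACT_NAME)  # creates no file; netstat shows it with '@'
    listener.listen(1)
    worker = threading.Thread(target=serve_once, args=(listener, allowed_uids))
    worker.start()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(ABSTRACT_NAME)
        reply = client.makefile("rb").readline()
    worker.join()
    listener.close()  # the abstract name disappears with the last reference
    return reply


if __name__ == "__main__":
    print(demo({os.getuid()}))  # peer UID is on the allow-list
    print(demo(set()))          # empty allow-list: connection is refused service
```

The same check applies to a FastCGI backend listening on an abstract name: it would allow only the UID the web server runs as.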