jail環境によるWebサーバーの構築

以下のテキストは、執筆時当時の情報を元に書いたものであり、 現在の情勢にそぐわないことを含む場合があるので注意されたい。 また、テキストは最終提出原稿で校正を経る前のものなので、実際にUNIXUSER 本誌に記載されたものとは異なる。誤字脱字等そのままである。

致命的な誤り以外は加筆修正等は行なわないので情報の鮮度に気をつけつつ 利用して欲しい。

目次

註: 本記事は当初Part3として執筆したが前後の記事のバランスを 考えてPart2として掲載された。


PartIII Jail


Jail

jail(8) FreeBSD 4.0-RELEASE ()
chroot(8)
jailOS

FreeBSDjail


 

	PC-UNIXUNIXOS
	
	
	 anonymous ftp 
	
	
	
	(/etc/passwd)
	(/etc/group)
	
	UNIX
	
	
	

	 anonymous ftp 
	chrootchroot
	Change root directory 
	()
	
	/usr/chrootdir/ 
	

		+-------------------------------------------
		| # chroot /usr/chrootdir /bin/sh
		+-------------------------------------------

	chroot /usr/chrootdir 
	 /bin/sh 
	 /bin/sh ()
	/usr/chrootdir/ 
	chrootdir/ 
	ftp  ftp
	 anonymous 
	chroot
	

 ()
+------------------ chroot -----------------------------------------------
|  +---------------------  -----------------------------+
|  |                    (/)                                             |
|  |                     |                                              |
|  |         v----v---...+-------v------v---------v---.....             |
|  |       bin/ boot/ ...       etc/ kernel      usr/  ....             |
|  |        |     |              |                |                     |
|  | v--v---+-.. v+----v-...  v--+---- ..    v----+--------v---...      |
|  | [  cat ..  boot0 boot1. XF86Config .. X11R6/ bin/     |            |
|  |                                        +---------chrootdir/ ---+   |
|  |                                        |           (/)         |   |
|  |                                        |            |          |   |
|  |                                        |  v----v----+---v---.. |   |
|  |                                        | bin/ etc/     usr/    |   |
|  |                                        |               |   |
|  |                                        +-----------------------+   |
|  +--------------------------------------------------------------------+
+--------------------------------------------------------------------------

 chroot

	chroot
	chroot
	
	chroot
	
	chroot
	
	
	WebCGI
	

	httpd 
	CGI
	CGI
	Apache CGI 
	 "phf" 
	
	
	
	
	()CGI
	
	

	httpdchroot
	
	
	
	chroot 
	ypcat
	
	chroot
	([])

--- [] ---------------------------------------------------------------

	chroot
	jailchroot
	chroot
	
	
	chroot
	chroot
	
	
	

--------------------------------------------------------------------------

 jail

	chrootjail
	jailchroot
	jailjail
	

  

	jailjailchroot
	
	chroot
	
	
	jail
	PID
	jailroot
	()
	

--- [] ---------------------------------------------------------------
	jailjailroot
	 Virtual Server
	
--------------------------------------------------------------------------

  

	chroot
	IPOS
	jail
	 alias 
	IPjail
	

	+------------------------------------------------------------------
	| # ifconfig ed0 alias 192.168.0.2
	| # jail /subfilesystem/for/jail NewHostname 192.168.0.2 /bin/sh
	+------------------------------------------------------------------

	 /subfilesystem/for/jail jail
	NewHostname jail
	192.168.0.2 IP
	jail NewHostname
	(192.168.0.2) 
	

	jailjailIP
	jail
	

  root

	jail
	
	
	jail
	

	* / ID (set*id, setlogin)
	*  (strlimit)
	* kern.hostname sysctl
	* chroot
	* 
	* (1024)

	jail raw
	packet jail
	 tcpdump 
	jailping
	
	
	
	
	

jail

	FreeBSD jail 
	manpage

		% man jail

	jail(8) manpage 4

	* jail
	* jail
	* jailjail
	* jail

	jailjail
	
	manpage
	

	+----------------------------------------------------------
	| D=/here/is/the/jail
	| cd /usr/src
	| make hierarchy DESTDIR=$D
	| make obj
	| make depend
	| make all
	| make install DESTDIR=$D
	| cd etc
	| make distribution DESTDIR=$D NO_MAKEDEV=yes
	| cd $D/dev
	| sh MAKEDEV jail
	| cd $D
	| ln -sf dev/null kernel
	+----------------------------------------------------------

	FreeBSD
	jail
	FreeBSDjail
	
	jail
	
	

	jail
	  * jail
	    (jail)
	  * 
	  * 
	  * jail
	    

	jail
	  * 
	  * 
	  * 
	  * ()

	jail
	root
	
	jail(
	)
	
	

 jail

	jail(8)manpageFreeBSD
	jail
	jail
	 Union File System
	(unionfs) 
	 /usr  unionfs /etc 
	/dev, /var 
	

	 unionfs  kernel config 

		options		UNION

	UNION
	4.x-RELEASE  unionfs 
	
	 kldstat  union.ko 
	

	+------------------------------------------------------------
	| # mount -t union /usr /mnt
	|   ~~~~~~~~~~~~~~~~~~~~~~~~
	| # kldstat
	|   ~~~~~~~
	| Id Refs Address    Size     Name
	| 1    3 0xc0100000 314050   kernel
	| 2    1 0xc0d31000 11000    linux.ko
	| 3    1 0xc0e69000 9000     union.ko  
	+------------------------------------------------------------


 +---[]--------------------------------------------------------------
  = Union File System =

  Union File System 
  
      /---- /dir-A ----\     /---- /dir-B ----\
      |  file-1        |     |   file-2       |
      |  file-2        |     |   file-3       |
      |                |     |                |
      \----------------/     \----------------/
  Union File System
  
  

	# mount -t union /dir-B /dir-A

  /dir-B  /dir-A  /dir-A
  
      /---- /dir-A ----\
      |  file-1        |
      |  file-2        |
      |  file-3        |
      \----------------/
   /dir-A  /dir-B 
  file-2
  /dir-A, /dir-B /dir-B 
   /dir-B/file-2 
   /dir-A 
   /dir-B /dir-A 

  mount_union(8) 
  

	# mount -t union -o -b /dir-B /dir-A

  /dir-B  /dir-A /dir-B  /dir-A 
  /dir-A 
   /dir-A 

  Union File System  CD-ROM 
  
  
  CDROM
  

  FreeBSD 4.1-RELEASE kernel config file 
  

    NB: The NULL, PORTAL, UMAP and UNION filesystems are known to be
    buggy, and WILL panic your system if you attempt to do anything with
    them.  They are included here as an incentive for some enterprising
    soul to sit down and fix them.

   null, portal, umap, union 
  unionfs 
  4
  unionfs 
   Union File System 
  
  jail
  config file 
  
  jail
   mount_null(8) 
  
 +---[]--------------------------------------------------------

	jail
	

	+------------------------------------------------------------
	| # cd /
	| # mkdir /jail
	| # mkdir -m 1777 /jail/tmp
	| # tar cf - bin etc root sbin var | tar xvpfC - /jail
	+------------------------------------------------------------

	jail

	+------------------------------------------------------------
	| # mkdir /jail/dev
	| # cp /dev/MAKEDEV /jail/dev
	| # cd /jail/dev
	| # sh MAKEDEV jail
	+------------------------------------------------------------

	jail procfs 

	+------------------------------------------------------------
	| # mkdir /jail/proc
	| # mount -t procfs proc /jail/proc
	+------------------------------------------------------------

	/usr  unionfs 

	+------------------------------------------------------------
	| # mount -t union -o ro /usr /jail/usr
	+------------------------------------------------------------

	 jail 

 jail

	jailIP
	jailIP IP alias 
	 192.168.0.2 jail

	+------------------------------------------------------------
	| # ifconfig fxp0 alias 192.168.0.2 netmask 255.255.255.0
	+------------------------------------------------------------

	jail
	
	 /etc/rc.conf 

	/--[ /etc/rc.conf  ]-----------------------------------
	|  sendmail_enable="NO"
        |  inetd_flags="-wW -a 192.168.11.23"
        |  portmap_enable="NO"
        |  syslogd_flags="-ss"
	\------------------------------------------------------------

	IP 192.168.11.23 
	

 	inetd-aIPinetd
 	IPsyslogd-ss
 	
 	sendmailportmapperjailIP
 	
 	

 jail

	jail
	jail

	+------------------------------------------------------------
	| # jail /jail 192.168.0.2 prison.mydomain /bin/zsh
	| prison# 
	+------------------------------------------------------------

	prison.mydomain  192.168.0.2 jail
	4jail
	 /bin/zsh 
	root # 
	jailroot prison# 
	

	 /jail 
	 jail 
	jail(/bin/zsh) 
	
	

	+------------------------------------------------------------
	| prison# ls -F /
	|         ~~~~~~~
	| bin/    dev/    etc/    proc/   root/
	| sbin/   tmp/    usr/    var/
	| prison# ifconfig fxp0 | grep inet
	|         ~~~~~~~~~~~~~~~~~~~~~~~~~
        | inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
        | inet6 fe80::200:eff:fec3:c144%fxp0 prefixlen 64 scopeid 0x1 
	| prison# hostname
	|         ~~~~~~~~
	| prison.mydomain
	| prison# ps ax
	|         ~~~~~
	|   PID  TT  STAT      TIME COMMAND
	| 12443  p0  SJ     0:00.24 /bin/zsh
	| 12464  p0  R+J    0:00.01 ps a
	+------------------------------------------------------------

	jail /jail chroot
	IPjailjail
	

	jail
	 inetd telnet
	inetdjail /etc/inetd.conf  telnetd 
	

	+------------------------------------------------------------
	| (jail)
	| prison# grep telnet /etc/inetd
	|         ~~~~~~~~~~~~~~~~~~~~~~
	| telnet stream tcp  nowait root /usr/libexec/telnetd telnetd
	| telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
	|        (telnet)
	| prison# inetd
	|         ~~~~~
	| ()
	| % telnet 192.168.0.2
	|   ~~~~~~~~~~~~~~~~~~
	| Trying 192.168.0.2...
	| Connected to prison.mydomain.
	| Escape character is '^]'.
	|
	| FreeBSD/i386 (prison.mydomain) (ttyp1)
	| login: 
	+------------------------------------------------------------

	jailtelnetlogin
	jailjail
	telnetjail
	jail
	jail
	jailWWW
	
	
	


 jail

	jail
	jail
	jailroot
	

	+------------------------------------------------------------
	| prison# kill -TERM -1
	|   ()
	| prison# kill -KILL -1
	+------------------------------------------------------------

	jail
	jail
	jailps
	J

	+------------------------------------------------------------
	| # ps ax
	|   PID  TT  STAT      TIME COMMAND
	|     0  ??  DLs    0:00.01  (swapper)
	|     1  ??  SLs    0:00.12 /sbin/init --
	|     2  ??  DL     0:00.02  (pagedaemon)
	|     3  ??  DL     0:00.00  (vmdaemon)
	|     4  ??  DL     0:00.00  (bufdaemon)
	|     5  ??  DL     0:00.10  (syncer)
	|    26  ??  Is     0:00.01 adjkerntz -i
	|    86  ??  Is     0:00.13 syslogd -ss
	|    89  ??  Is     0:00.01 /usr/sbin/portmap
	|    95  ??  I      0:00.00 nfsiod -n 2
	|    96  ??  I      0:00.00 nfsiod -n 2
	|   117  ??  Is     0:00.04 inetd -wW -a 192.168.11.23
	|   119  ??  Is     0:00.05 cron
	|   150  ??  Is     0:00.28 /usr/local/openssh/sbin/sshd
	|   160  ??  S      0:00.85 sshd: yuuji@ttyp0 (sshd)
	|   229  ??  IsJ    0:00.06 inetd
	|   231  ??  SsJ    0:00.02 syslogd
	|   161  p0  Is     0:00.52 -zsh (zsh)
	|   181  p0  S      0:00.60 /bin/zsh
	|   207  p0  TJ     0:00.52 /bin/zsh
	|   233  p0  SJ     0:00.02 /usr/local/Canna/bin/cannaserver
	|   234  p0  R+     0:00.02 ps ax
	|   154  v0  Is+    0:00.05 /usr/libexec/getty Pc ttyv0
	|   155  v1  Is+    0:00.03 /usr/libexec/getty Pc ttyv1
	|	 :
	|	
	+------------------------------------------------------------

	J inetd, syslogd, zsh, cannaserver 
	jail
	jailjail
	 procfs jail
	ps
	ID229inetd
	

	+------------------------------------------------------------
	| # cat /proc/229/status
	| inetd 229 1 229 229 -1,-1 sldr 970203331,440531 0,23785 [!]
	| 0,35677 select 0 0 0,0,2020,0 prison.mydomain
	+------------------------------------------------------------

	statsjailjail
	jail
	 /proc/*/status jail
	IDkill

	jail
	
	
	jail
	 /etc/sysctl.conf 
	

	/------------------------------------------------------------
	| jail.set_hostname_allowed=0
	\------------------------------------------------------------


jail

	jail
	
	jail(8)manpage jail /etc/rc
	
	WWW
	jail
	jail

  /etc 

	jail/etc
	

    

	
	/etc/group
	
	

    

	jail
	jailinetd
	inetd
	inetd.conf
	inetd.conf

    

	(resolv.conf)
	(localtime)
	(manpath.config)(shells)
	

  

	jail
	

    SSH

	FreeBSD 4.1.1-RELEASE  OpenSSH 
	 libwrap() 
	
	
	 /stand/sysinstall  Configure  Networking 
	"Sshd" YES sshd 
	
	 /etc/ssh jail 
	jailssh-keygen
	

	+------------------------------------------------------------
	| prison# ssh-keygen -N '' -f /etc/ssh/ssh_host_key
	|         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	| prison# ssh-keygen -N '' -d -f /etc/ssh/ssh_host_dsa_key
	|         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	+------------------------------------------------------------

	jailSSH
	sshdssh

+------------------------------------------------------------
| anotherhost% ssh prison.mydomain
|              ~~~~~~~~~~~~~~~~~~~
| The authenticity of host 'prison.mydomain' can't be established.
| RSA key fingerprint is 1c:89:b8:06:d9:24:c7:52:6d:62:7c:3d:18:99:3d:bc.
| Are you sure you want to continue connecting (yes/no)? yes
|                                                        ~~~
+------------------------------------------------------------

	/jail chrootjail
	

--- [] ---------------------------------------------------------------
	TCP wrappers 
	 /etc/hosts.allow 
	199912
--------------------------------------------------------------------------

    syslog

	jailsyslog
	

	+------------------------------------------------------------
	| prison# /usr/sbin/syslogd
	|         ~~~~~~~~~~~~~~~~~
	| prison# logger hello
	|         ~~~~~~~~~~~~
	| prison# tail -1 /var/log/messages
	| Sep 30 19:34:43 prison yuuji: hello
	+------------------------------------------------------------

	logger(/var/log/messages) 
	

  

	jail
	jail
	

    

	 /jail  etc/  dev/  /usr
	 unionfs 
	 /etc/fstab 
	

	/-----[ /etc/fstab ]----------------------------------------------
	| proc	/jail/proc	procfs	rw	0	0
	| /usr	/jail/usr	union	ro	0	0
	\-----------------------------------------------------------------

    

	jailIP(alias)
	/etc/rc.conf 

	/-----[ /etc/rc.conf ]--------------------------------------------
	| ifconfig_fxp0_alias0="inet 192.168.0.2 netmask 255.255.255.0"
	\-----------------------------------------------------------------

	fxp0fxp0
	

	inetdjail
	

	/-----[ /etc/rc.conf ]--------------------------------------------
	| inetd_enable="NO"		# inetd
	\-----------------------------------------------------------------
	/-----[ /etc/rc.conf ]--------------------------------------------
	| inetd_enable="YES"		# inetd
	| inetd_flags="-wW -a 192.168.11.23"
	\-----------------------------------------------------------------

	syslogd

	/-----[ /etc/rc.conf ]--------------------------------------------
	| syslogd_flags="-ss"
	\-----------------------------------------------------------------

    jail

	jail
	 
	/etc/rc.jail( /jail/etc/rc.jail) 

	/----[ /etc/rc.jail ] --------------------------------------------
	| syslogd
	| /usr/sbin/sshd
	\----[ /etc/rc.jail ] --------------------------------------------

	jail

	+-----------------------------------------------------------------
	| # jail /jail 192.168.0.2 prison.mydomain /bin/sh /etc/rc.jail
	+-----------------------------------------------------------------

Jail

	jail
	WWWjail
	jail
	WWW
	
	jail(jail
	) virtual domain 
	

  WWW

	WWW

	  * DNS
	  * WWW(apache)
	  * apache
	  * 

	

    WWWDNS

	WWWDNS
	BIND 
	hoge.co.jp WWW www.hoge.co.jp 
	hoge.co.jp 
	1:hoge.zone 

	/--- 1 [hoge.zone] -------------------------------------------
	|$TTL	86400
	|@	IN	SOA	ns.hoge.co.jp. postmaster.hoge.co.jp. (
	|			2000101000	; Serial No
	|			10800		; Refresh = 3 hours
	|			3600		; Retry   = 1 hour
	|			3600000		; Expire  = 1000 hours
	|			86400		; Minimum = 1 day
	|			)
	|	IN	NS	ns.hoge.co.jp.
	|	IN	NS	ns2.hoge.co.jp.
	|	IN	MX	0  mail.hoge.co.jp.
	|	IN	MX	10 mail2.hoge.co.jp.
	|;
	|venus	IN	A	192.168.0.2
	|	IN	MX	0 mail.hoge.co.jp.
	|	IN	MX	10 mail2.hoge.co.jp.
	\-------------------------------------------------------------------

 +---[]--------------------------------------------------------------
  = DNS  =
  
  DNS
  

  1

		IN		

  
  
  

  - SOA
  
	  IN  SOA    (
			   
			   ()
			   ()
			   ()
			   
		  )

   @ ( hoge.co.jp.)
  @
  
   

	YYYYMMDDxx

  xx1
  

  - NS
  
	  IN  NS  
  

  - A
  IP
	  IN  A   IP

  - MX
  (Mail eXchanger)
	  IN  MX   
  
 +-------------------------------------------------------------------------

	 192.168.0.2 Avenus
	WWW
	www.hoge.co.jp CNAME()
	hoge.zone 2

	/--- 2 [hoge.zone ] ------------------------------------
	|www	IN	CNAME	venus
	\-------------------------------------------------------------------

	SOA
	(3)

	/--- 3 [hoge.zone ] ------------------------------
	|$TTL	86400
	|@	IN	SOA	ns.hoge.co.jp. postmaster.hoge.co.jp. (
	|			2000101001	; Serial No
	|                       ~~~~~~~~~~
	|			 :
	|			 : 
	|			)
	\-------------------------------------------------------------------

	
	

	+-------------------------------------------------------------------
	| # /usr/sbin/ndc reload
	+-------------------------------------------------------------------

	CNAME

	+-------------------------------------------------------------------
	| # /usr/sbin/nslookup www.hoge.co.jp
	|   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	| Server:  localhost
	| Address:  127.0.0.1
	|
	| Name:    venus.hoge.co.jp
	| Address:  192.168.0.2
	| Aliases:  www.hoge.co.jp
	+-------------------------------------------------------------------

	hoge.co.jp DNS
	
	CNAME

    apache

	apache
	
	CD-ROM apache_1.3.12.tar.gz 
	apache
	 /www/apache
	/www/htdocs apache
	apache
	

	+-------------------------------------------------------------------
	| prison# tar zxpf apache_1.3.12.tar.gz
	|         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	| prison# cd apache_1.3.12
	|         ~~~~~~~~~~~~~~~~
	| prison# ./configure --prefix=/www/apache --htdocsdir=/www/htdocs
	|         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	|    
	| prison# make && make install
	|         ~~~~~~~~~~~~~~~~~~~~
	|    
	+-------------------------------------------------------------------

	apachejail
	makejail
	
	
	jail
	jail /www 
	

	+-------------------------------------------------------------------
	| # mkdir /jail/www
	| # ln -sf /jail/www /www
	+-------------------------------------------------------------------

	make install

	make install 
	

	+-------------------------------------------------------------------
	| prison# /www/apache/bin/apachectl start
	+-------------------------------------------------------------------

	jail
	 http://prison.mydomain/ 
	  (apacheinst.png) 
	(w3m)

	----------------------------------------------------------------------
	 (apacheinst.png) Apache 
	
	----------------------------------------------------------------------

	apachejail
	jailjail
	
	jail

    apache

	apache
	
	9jail
	
	apache
	/www/apache/conf/httpd.conf 
	

	* VirtualHost 

	  apacheHTTP 
	  
	  prison.mydomain  www.mydomain 
	   192.168.0.2 IP
	  http://prison.mydomain/ 
	  http://www.mydomain/ 
	  
	  www.mydomain  prison.mydomain 
	  
	  WWW apache  VirtualHost 

	  apache VirtualHost 
	  IPVirtualHost
	  IPIP
	  jail
	  IP1
	  VirtualHostIP
	  
	  VirtualHost httpd.conf 
	  NameVirtualHost   

	  IP
	  NameVirtualHost jail
	  192.168.0.2 

	  /---[ httpd.conf  ]-----------------------------------------
	  | NameVirtualHost 192.168.0.2
	  \-----------------------------------------------------------------

	  
	    

	  /---[ httpd.conf  ]-----------------------------------------
	  | 
	  |   ServerName	prison.mydomain
	  |   DocumentRoot	/www/htdocs/contents.prison
	  |   CustomLog		logs/prison-access_log  combined
	  |   ErrorLog		logs/prison-error_log
	  | 
	  | 
	  |   ServerName	www.mydomain
	  |   DocumentRoot	/www/htdocs/contents.www
	  |   CustomLog		logs/www-access_log  combined
	  |   ErrorLog		logs/www-error_log
	  | 
	  \-----------------------------------------------------------------

	  http://prison.mydomain/ 
	  /www/htdocs/contents.prison/ 
	  http://www.mydomain/ 
	  /www/htdocs/contents.www/ 
	  /
	  

 +---[]--------------------------------------------------------------
  =  VirtualHost  =

  VirtualHost
  
  VirtualHost
  httpd
  CGI
  
  
  
   "GET /index.html" 
  VirtualHost
  

  TipsVirtualHost
   VirtualHost 
  

	LogFormat "%h %l %u %t \"%r\" %>s %b                ()
        	 \"%{Referer}i\" \"%{User-Agent}i\"" combine

  \"%r\"  "GET /index.html" 
  VirtualHost
  "GET /www.mydomain/index.html" 
   %r (%m)
  URL(%U)

	/------------------------------------------------------------------
	| 
	|   ServerName	 prison.mydomain
	|   DocumentRoot /www/htdocs/contents.prison
	|   LogFormat "%h %l %u %t \"%m prison.mydomain%U\" %>s %b   ()
	           \"%{Referer}i\" \"%{User-Agent}i\"" log_PRISON
	|   CustomLog    logs/access_log  log_PRISON
	| 
	| 
	|   ServerName	 www.mydomain
	|   DocumentRoot /www/htdocs/contents.www
	|   LogFormat "%h %l %u %t \"%m www.mydomain%U\" %>s %b      ()
	           \"%{Referer}i\" \"%{User-Agent}i\"" log_WWW
	|   CustomLog    logs/access_log  log_WWW
	| 
	\------------------------------------------------------------------

  httpd
  
  
 +---[]--------------------------------------------------------


    jail CGI/SSI 

	jailCGI/SSI
	CGISSI

	* CGI

	    CGI /foo/bar/cgidir 
	    httpd.conf

	    /---------------------------------------------------------------
	    | 
	    |   AddHandler cgi-script .cgi
	    |   Options ExecCGI
	    | 
	    \---------------------------------------------------------------

	     .cgi 
	    CGI ExecCGI 
	    CGICGI
	    httpd.confExecCGI
	    
	    
	    AllowOverride 

	    /---------------------------------------------------------------
	    | 
	    |   Options ExecCGI
	    |   AllowOverride Options FileInfo
	    | 
	    \---------------------------------------------------------------

	    CGI .htaccess 
	     httpd.conf 

	    /--[.htaccess]--------------------------------------------------
	    | AddHandler cgi-script .cgi
	    | Options ExecCGI
	    \---------------------------------------------------------------

	* SSI

	    SSIapache "server-parsed" 
	    ()".shtml" 
	    SSI httpd.conf 
	    (
	    )

	    /---------------------------------------------------------------
	    | AddType text/html .shtml
	    | AddHandler server-parsed .shtml
	    \---------------------------------------------------------------

	jailCGI4
	lsCGI
	

	/--- 4 [ls-root.cgi] -----------------------------------------
	| #!/bin/sh
	| echo 'Content-type: text/plain'
	| echo ''
	| /bin/ls -FC /
	\-------------------------------------------------------------------

	
	/www/htdocs/ls-root.cgi CGI 
	
	jail
	

jail

	WWW
	
	
	jail
	jail
	jail
	
	
	
	
	
	


yuuji@gentei.org
Fingerprint16 = FF F9 FF CC E0 FE 5C F7 19 97 28 24 EC 5D 39 BA
HIROSE Yuuji - ASTROLOGY / BIKE / EPO / GUEST BOOK / YaTeX [Tweet]