X7ROOT File Manager
Current Path:
/usr/lib/.build-id/6f
usr
/
lib
/
.build-id
/
6f
/
??
..
??
01c2cd318160d3a2a570c0d816f0d1867a41a5
(28.87 KB)
??
06574cff5d91eae05cd660d7e776f8d16503f7
(13.09 KB)
??
0b0c7690e79928d0a8b344f52ae15f5ead07f6
(36.73 KB)
??
1c3ca911f3d7d66d657dd409b74360a5a7cbbc
(24.66 KB)
??
257c9f4b3be6617e84958e615a2a9754e44d1d
(11.69 KB)
??
2f8e9efc6e748ecb05f916eee506d70ee12b04
(48.73 KB)
??
3e422d3c43630b9b88c11c052744f5d349774a
(28.33 KB)
??
3f1c82b95f9744a00f89306797e6811823ffbf
(4.42 KB)
??
44dd0f7e10bc4efc2c267e365644ce13b482a5
(0 B)
??
463149afd29d948da6d0b420428ab55b8811d6
(0 B)
??
4ef276bc9c82bdf8e87f31d63f9d498bfae815
(27.79 KB)
??
6c3a9dc65a0c75b4e76661bd33ab5f2deb3858
(11.54 KB)
??
79b0f6d61b9631d20979209a5565689a93f5ef
(0 B)
??
8c62ad05137ceccaf7e13dc6e9c0a29be00339
(16.46 KB)
??
8d8435c4e1e77b291069eda571a532028cccb5
(1.46 MB)
??
9266e5f69b15e6343e4474302e04d024053a25
(26.69 MB)
??
9aaf48af476aa2bdf1ffc271f66b174e8e0e23
(19.5 KB)
??
9c4fdfc45b5e8e4fb9c3997cf519f722d842e3
(0 B)
??
a608fcd63a8b804c96f79c4742356bdc040453
(11.42 KB)
??
a738804981fd51e97651e11e032a0f01ec8c3d
(11.73 KB)
??
aa3b82f8c1a1db775e989682dfb3812f3a412e
(16.71 KB)
??
c40dfaf60c5763627034555d9933330fd052bc
(19.88 KB)
??
c6f6d3ba228b034a65556c235f916c43126850
(37 KB)
??
cb7c056d333116ab69654696f22e0f06982634
(0 B)
??
efd2fd1bba6f5711e25284863e8c9178e976a1
(0 B)
??
f0b1ac7c5b78cd9433eb92e5130d5bab2d8fcb
(351.52 KB)
??
fbff379ab39846cb30cc15bbdab2e6c52839ee
(94.67 KB)
??
fe7151e9406e46b320c9e7615a34c481db1b84
(47.77 KB)
??
ffcbffed0fcb220eecae2d7a6715303efb6adc
(0 B)
Editing: 3f1c82b95f9744a00f89306797e6811823ffbf
#!/bin/bash ##CageFS proxyexec wrapper - ver 18 if [[ $EUID -eq 0 ]]; then echo 'Cannot be run as root' exit 1 fi USR=`/usr/bin/whoami` USER_TOKEN_PATH="/var/.cagefs/.cagefs.token" WEBSITE_ISOLATION_FLAG="/opt/cloudlinux/flags/enabled-flags.d/website-isolation.flag" # Trust boundary for the website-isolation token path: it must point # directly at the regular file that create_website_token_directory() # creates inside its root-owned per-user storage area. That area is # /var/cagefs/<prefix>/<user>/.cagefs/website/... on the host and is # bind-mounted into the cage at /var/.cagefs/website/... — both views # are accepted because libenter.enter_site() picks one or the other # depending on whether it runs inside or outside the cage. The file # itself is never a symlink, so we reject symlinks outright rather # than canonicalizing with realpath. Without this gate the attacker # controls both the env var WEBSITE_TOKEN_PATH and the file contents # at that path; the file contents land in $TOKEN, which is embedded # into the ssh remote command argv below and re-parsed by the remote # shell — so shell metacharacters in the file would execute on the # origin host. (Slite #7 / CLOS-4490) if [[ -f "$WEBSITE_ISOLATION_FLAG" && -n "$WEBSITE_TOKEN_PATH" ]]; then if [[ -L "$WEBSITE_TOKEN_PATH" ]]; then echo "cagefs.proxy: WEBSITE_TOKEN_PATH '$WEBSITE_TOKEN_PATH' must not be a symlink" >&2 exit 1 fi if [[ ! -f "$WEBSITE_TOKEN_PATH" ]]; then echo "cagefs.proxy: WEBSITE_TOKEN_PATH '$WEBSITE_TOKEN_PATH' is not an existing regular file" >&2 exit 1 fi # Reject `..` as a path component so the prefix check below cannot # be bypassed via traversal (e.g. /var/cagefs/../etc/passwd matches # the /var/cagefs/* glob but resolves outside the trusted area). case "$WEBSITE_TOKEN_PATH" in */../*|*/..) echo "cagefs.proxy: WEBSITE_TOKEN_PATH '$WEBSITE_TOKEN_PATH' must not contain '..' path components" >&2 exit 1 ;; esac case "$WEBSITE_TOKEN_PATH" in /var/cagefs/*|/var/.cagefs/*) ;; *) echo "cagefs.proxy: WEBSITE_TOKEN_PATH must be under /var/cagefs/ or /var/.cagefs/ (got '$WEBSITE_TOKEN_PATH')" >&2 exit 1 ;; esac USER_TOKEN_PATH="$WEBSITE_TOKEN_PATH" fi # The -L/-f/prefix gate above is defense-in-depth, TOCTOU is not exploitable because the # forwarded $TOKEN must still equal the legit on-disk bytes that the # origin's cagefs.server reads with open(..., O_NOFOLLOW) from a # uid-derived path (see find_website_by_token() in # proxyexec/cagefs.server.c) — a swapped symlink redirects what we # cat, never what the server reads, so a TOCTOU substitution can only # replace the forwarded bytes with something that fails the server's # constant-time comparison. TOKEN=`/bin/cat ${USER_TOKEN_PATH}` # Tokens are generated as fixed-length alphanumerics by # _generate_password() in py/clcagefslib/webisolation/jail_utils.py and # by the corresponding C helper. Any non-alphanumeric byte means the # token file was tampered with — refuse to forward it into the ssh # remote command, where the remote shell would re-parse metacharacters. # Use POSIX `case` rather than `[[ =~ ]]` because the wrapper is also # invoked through `sh` (e.g. jenkins_tests/rpm_tests/p_cagefs/ # 939-environment_var-check.sh), and dash treats `[[` as a missing # command — the regex form would falsely trip and exit the script. case "$TOKEN" in "" | *[!A-Za-z0-9]*) echo "cagefs.proxy: refusing to forward malformed token from $USER_TOKEN_PATH" >&2 exit 1 ;; esac # It's user's tmp directory and write to it is secure procedure # because this script is running only under usual user PIDFILE="/tmp/.cagefs.proxy.$$" USER_INTERRUPT=13 CWD=`pwd` ctrl_c_handler() { if [[ -f "$PIDFILE" ]]; then pid=`/bin/cat $PIDFILE` /bin/rm -f $PIDFILE > /dev/null 2>&1 /bin/kill -s SIGINT "$pid" > /dev/null 2>&1 fi exit $USER_INTERRUPT } if [[ -e /var/.cagefs/origin ]]; then ORIGIN=`/bin/cat /var/.cagefs/origin` REMOTE="/usr/bin/ssh -F /etc/ssh/cagefs-rexec_config $USR@$ORIGIN" $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock "$USR" "$CWD" CAGEFS_ENTER $$ "$@" RETVAL=$? else trap 'ctrl_c_handler' 2 CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock "$USR" "$CWD" CAGEFS_ENTER $$ "$@" RETVAL=$? /bin/rm -f $PIDFILE > /dev/null 2>&1 fi exit $RETVAL
Upload File
Create Folder