compilebox
/usercode permission issue
The Docker container was run as user mysql, which leads to a permission denied issue.
```
root@vagrant-ubuntu-trusty-64:/compilebox/API/temp/testfolder# docker run -u mysql -e 'NODE_PATH=/usr/local/lib/node_modules' -i -t -v "/compilebox/API/temp/testfolder":/usercode virtual_machine /usercode/script.sh python file.py
/usercode/script.sh: line 41: /usercode/logfile.txt: Permission denied
/usercode/script.sh: line 42: /usercode/errors: Permission denied
Hello!
*-COMPILEBOX::ENDOFOUTPUT-* .03
mv: cannot stat '/usercode/logfile.txt': No such file or directory
```
If you actually run the commands in script.sh one by one in the Docker container, /usercode belongs to root, not mysql. User mysql does not have permission to create /usercode/logfile.txt and /usercode/errors.
This could be fixed by changing the Docker user to root.
I am wondering why we need SQL in the Docker container. Is it possible to remove it? I can't see anything else that depends on mysql other than the following:
```
$ grep -r mysql .
./DockerSandbox.js: var st = this.path+'DockerTimeout.sh ' + this.timeout_value + 's -u mysql -e \'NODE_PATH=/usr/local/lib/node_modules\' -i -t -v "' + this.path + this.folder + '":/usercode ' + this.vm_name + ' /usercode/script.sh ' + this.compiler_name + ' ' + this.file_name + ' ' + this.output_command+ ' ' + this.extra_arguments;
./Payload/sql_runner.sh:sudo service mysql start
./Payload/sql_runner.sh:mysql mysql< create_user.sql -u'root'
./Payload/sql_runner.sh:mysql ri_db < $1 -u'test' -p'test123'
./Payload/sql_runner.sh:mysql mysql< destroy_user.sql -u'root'
./temp/testfolder/sql_runner.sh:sudo service mysql start
./temp/testfolder/sql_runner.sh:mysql mysql< create_user.sql -u'root'
./temp/testfolder/sql_runner.sh:mysql ri_db < $1 -u'test' -p'test123'
./temp/testfolder/sql_runner.sh:mysql mysql< destroy_user.sql -u'root'
```
I had the same problem and have fixed it by changing docker user to root.
```
// docker run -d -u mysql -e ...
docker run -d -e ...
```
I feel comfortable with this compilebox and believe that there is no need for the mysql function. Now I worry that this change could cause security problems.
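Added example, not part of the thread and not compilebox code: a bind mount keeps the host's numeric ownership, so a root-owned folder mounted at /usercode rejects a non-root container user. The script below checks that condition before a container is launched and reports an ownership change as the alternative to running the container as root. The function names and the uid used in the demo are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example, not compilebox code. Checks whether a container process with
# numeric UID:GID could create files in a bind-mounted host folder.
# Simplified: ignores supplementary groups, ACLs and user-namespace remapping.

dir_writable_by() {
    dir=$1 uid=$2 gid=$3
    # GNU stat prints: owner uid, owner gid, octal mode (e.g. "0 0 755")
    info=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $info
    owner=$1 group=$2 mode=$((0$3))
    # uid 0 bypasses the mode bits, which is why dropping "-u mysql" hides the problem
    if [ "$uid" -eq 0 ]; then return 0; fi
    if [ "$uid" -eq "$owner" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$group" ]; then bits=$(( (mode >> 3) & 7 ))
    else bits=$(( mode & 7 ))
    fi
    # creating logfile.txt or errors needs write (2) and search (1) on the directory
    [ $(( bits & 3 )) -eq 3 ]
}

# Report the result, suggesting an ownership change instead of a root container.
preflight() {
    if dir_writable_by "$1" "$2" "$3"; then
        echo "ok: uid $2 can write to $1"
    else
        echo "fix: chown $2:$3 $1"
    fi
}

# Constructed demo: a private temp folder and a uid that does not own it.
demo_dir=$(mktemp -d)
other_id=$(( $(id -u) + 1 ))   # placeholder for the container user's uid/gid
chmod 755 "$demo_dir"
preflight "$demo_dir" "$other_id" "$other_id"
rmdir "$demo_dir"
```

In practice the uid and gid passed in would be the numeric ids that the mysql account has inside the image, which the thread does not state.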