I decided to learn how to use strace and here are my
experiences...
First, get strace from
here. And install it in you Debian root environment and copy it to empeg's.
Make the following file:
empeg:/usr/sbin# cat /usr/sbin/in.telnetd.debug
#! /bin/sh
exec strace -o /tmp/telnetd.strace /usr/sbin/in.telnetd
and then
empeg:/usr/sbin# chmod +x in.telnetd.debug
This file is created in /tmp/telnetd.strace whenever someone telnets into empeg:
execve("/usr/sbin/in.telnetd", ["/usr/sbin/in.telnetd"], [/* 14 vars */]) = 0
brk(0) = 0x201bf14
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/v4l/libutil.so.1", O_RDONLY) = -1 ENOENT (No such file or directory)
stat("/lib/v4l", 0xbffff1bc) = -1 ENOENT (No such file or directory)
open("/lib/libutil.so.1", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0755, st_size=58553, ...}) = 0
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0H\v\0\000"..., 4096) = 4096
old_mmap(NULL, 38208, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x4001f000
mprotect(0x40021000, 30016, PROT_NONE) = 0
old_mmap(0x40027000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0) = 0x40027000
close(4) = 0
open("/lib/libc.so.6", O_RDONLY) = 4
fstat(4, {st_mode=S_IFREG|0755, st_size=952068, ...}) = 0
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0008\202\1"..., 4096) = 4096
old_mmap(NULL, 934360, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x40029000
mprotect(0x400ff000, 57816, PROT_NONE) = 0
old_mmap(0x40101000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0xd0000) = 0x40101000
old_mmap(0x4010a000, 12760, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4010a000
close(4) = 0
personality(PER_LINUX) = 8388608
getpid() = 173
brk(0) = 0x201bf14
brk(0x201c0b4) = 0x201c0b4
brk(0x201d000) = 0x201d000
getpeername(0, {sin_family=AF_INET, sin_port=htons(1344), sin_addr=inet_addr("192.168.1.100")}}, [16]) = 0
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
open("/dev/ptmx", O_RDWR) = -1 ENODEV (No such device)
open("/dev/ptyp0", O_RDWR) = -1 ENOENT (No such file or directory)
write(0, "telnetd: getpty: No such file or"..., 47) = 47
rt_sigprocmask(SIG_BLOCK, [CHLD], [], 8) = 0
rt_sigaction(SIGCHLD, NULL, {SIG_DFL}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
nanosleep({1, 0}, {1, 0}) = 0
_exit(1) = ?
Do the same for the Debian Root environment. Now you have two samples. One that
works and one that fails. Start diffing the two and find out whats wrong.
I don't know why it didnt load ptmx. Perhaps a module in the kernel is needed.
However, it seems like /dev/ptyp0 is missing. Creating ptyp0 with
mknod -m 666 /dev/ptyp0 c 2 0
Got me a little further. Now, I needed ttyp0 as well.
mknod -m 666 /dev/ttyp0 c 3 0
Then I noticed that I was missing a user called tty. I don't know if it was
necessary, but I was making the two files similar, so I added it. First, copy
the chgrp executable from the Debian Root environment and then add tty to
/etc/group
echo "tty:*:5:" >> /etc/group
chgrp tty /dev/*tty*
I also noticed that the file permissions were different in /dev. So I fixed
that. And then I made a directory that was missing.
chmod 666 /dev/*tt*
mkdir /var/run
Then I added some more missing files from the Debian root environment (On
my system, it lives in /drive0/tmp).
cp /drive0/tmp/etc/issue.net /etc
cp /drive0/tmp/etc/nsswitch.conf /etc
cp /drive0/tmp/etc/host.conf /etc
Sigh. It still didn't work. I don't know why I dediced to run login from
the command line, but that was missing in empeg's environment. That
finally allowed me to telnet in.
cp /drive0/tmp/bin/login /bin
P.S.: I also added this line in /etc/passwd, but I think that it might be automatically generated. Not sure, but here it is:
telnetd:!:101:101::/usr/lib/telnetd:/bin/false
and I added the corresponding group to /etc/group
telnetd:x:101:
.
Previous Topic
Index