chankro: bad wrapper

[noraj]

$ chankro --arch 64 --input /tmp/script.sh --output chankro.php --path /var/www/html/upload 


     -=[ Chankro ]=-
    -={ @TheXC3LL }=-


Traceback (most recent call last):
  File "/usr/share/chankro/chankro.py", line 58, in <module>
    with open(archi, "rb") as bicho:
IOError: [Errno 2] No such file or directory: 'hook64.so'

$ ls /usr/share/chankro/          
chankro.py  hook32.so  hook64.so  hook.c

$ which chankro
/usr/bin/chankro

$ cat /usr/bin/chankro
#!/bin/sh
exec python2 /usr/share/chankro/chankro.py "${@}"

But if changing /usr/bin/chankro to

#!/bin/sh
cd /usr/share/chankro/
exec python2 chankro.py "${@}"

Chankro can't write to /usr/share/chankro/

$ chankro --arch 64 --input /tmp/script.sh --output chankro.php --path /var/www/html/upload


     -=[ Chankro ]=-
    -={ @TheXC3LL }=-


[!] Error: file could not be created

This force the use to specify an absolute path for output.

Upstream maintainer should write to the path the script was call rather than the working dir of the script for relative path. Or better change the loading mechanism of hook64.so by using something like $install_dir/hook64.so rather than ./hook64.so.

[noptrix]

thx @noraj - this is just a 'cd /usr/share/$pkgname/ ... exec python2 $pkgname.py "$@"' we need to replace. shall i do it quickly?

[noraj]

@noptrix No, see my update.

[noptrix]

@noptrix No, see my update.

this is nothing new and a lot of tools are like that (that's why r00t is prefered :)) -- so my suggestion is to fix it now and wait also for the upstream changes.

[noraj]

@noptrix We can't fix it now, it will depends if the fix is about fixing the path of the hook or fix the path of the output.

[noraj]

@noptrix I made the upstream fix see TarlogicSecurity/Chankro#4

[noraj]

@noptrix upstream merged.

[noptrix]

@noraj thanks! will revert our patch and use upstream fixed version.