For websec.fr, we're running each level in a hardened chroot, under a different user, likely because we trust the players as much as we trust PHP. Our last level, level19, may send some emails, but unfortunately, with our setup, this is non-trivial, because the `mail` function of PHP directly uses the sendmail binary.
So I thought about compiling it statically.
- But since sendmail is bloated (and painful to compile), I gave a try to mini_sendmail, which had a broken makefile.
- But it's using `gethostbyname`, so it can't be compiled in a static way, because this function is implemented in glibc's NSS wrapper, so I went with musl instead.
- But since we didn't want to host our own SMTP server, we're using a free mail provider that only accepts opportunistic TLS, and musl doesn't provide enough crypto for that. So we implemented an SMTP client in pure PHP.
- But since PHP is, well, PHP, it failed to switch to crypto inside the chroot.
The solution is simply to type `mknod dev/random c 1 8` (and not `urandom`, because apparently there are still people that don't get the difference), to provide a source of entropy inside the chroot. It doesn't make much sense, since PHP should already have access to a PRNG, even inside a chroot.
You can now use `stream_socket_enable_crypto` inside your chroot (and send `STARTTLS` powered emails)!
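The `mknod` step above as a repeatable check, added here as an example and not part of the original setup: it verifies that a chroot's `dev/random` really is the character device 1:8 and creates it only when nothing is there. The function names and status codes are hypothetical, and it assumes Linux with GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and status
# codes are hypothetical. Assumes Linux and GNU coreutils stat.

# check_random_node CHROOT
# 0 = dev/random is char device 1:8, 1 = absent, 2 = not a char device
# (symlinks are rejected: they resolve differently once chrooted),
# 3 = char device with other numbers (1:9 would be urandom), 4 = stat failed
check_random_node() {
    node="$1/dev/random"
    if [ ! -e "$node" ] && [ ! -L "$node" ]; then return 1; fi
    if [ -L "$node" ] || [ ! -c "$node" ]; then return 2; fi
    majmin=$(stat -c '%t:%T' "$node") || return 4   # major:minor, in hex
    [ "$majmin" = "1:8" ] || return 3
    return 0
}

# ensure_random_node CHROOT
# Creates the node only when nothing is there; never replaces an existing file.
ensure_random_node() {
    status=0
    check_random_node "$1" || status=$?
    case "$status" in
        0) return 0 ;;
        1) mkdir -p "$1/dev" || return 1
           mknod "$1/dev/random" c 1 8 || return 1   # needs root (CAP_MKNOD)
           check_random_node "$1" ;;
        *) echo "unexpected $1/dev/random (status $status), not touching it" >&2
           return "$status" ;;
    esac
}

# Usage: CHROOT_DIR=/path/to/chroot sh this_script.sh
if [ -n "${CHROOT_DIR:-}" ]; then
    ensure_random_node "$CHROOT_DIR"
fi
```

If the filesystem holding the chroot is mounted with `nodev`, the node can exist with the right numbers and still fail to open, so a passing check is necessary but not sufficient.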
(many thanks to nurfed for wasting time with me helping me.)