From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@yquem.inria.fr Delivered-To: caml-list@yquem.inria.fr Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) by yquem.inria.fr (Postfix) with ESMTP id A4DC9BC57 for ; Sat, 18 Dec 2010 20:31:59 +0100 (CET) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AnwBAD2bDE3U4xEIkGdsb2JhbACDZJIJjkgVAQEBAQkJDAcRAyGrT5AlAoEfgzV0BIchhnc X-IronPort-AV: E=Sophos;i="4.60,194,1291590000"; d="scan'208";a="71085474" Received: from moutng.kundenserver.de ([212.227.17.8]) by mail3-smtp-sop.national.inria.fr with ESMTP; 18 Dec 2010 20:31:59 +0100 Received: from office1.lan.sumadev.de (dslb-094-219-215-053.pools.arcor-ip.net [94.219.215.53]) by mrelayeu.kundenserver.de (node=mrbap2) with ESMTP (Nemesis) id 0MIxJ3-1PRYbH0aQj-0033nv; Sat, 18 Dec 2010 20:31:58 +0100 Received: from [192.168.0.29] (dslb-084-058-038-006.pools.arcor-ip.net [84.58.38.6]) by office1.lan.sumadev.de (Postfix) with ESMTPA id 151CB5F702; Sat, 18 Dec 2010 20:31:57 +0100 (CET) Subject: Re: [Caml-list] How does chroot work ? From: Gerd Stolpmann To: Gregory Bellier Cc: caml-list@inria.fr In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Date: Sat, 18 Dec 2010 20:31:55 +0100 Message-ID: <1292700715.22147.324.camel@thinkpad> Mime-Version: 1.0 X-Mailer: Evolution 2.28.1 Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:iSvDwpS7lGYL3phUjrL+H4gkd1I9my4JHHKB18Y6XH7 llvpVy+EttdVjQ4NPGjaQxKnldDVVjKqdRcf4ljas85h/HCvnH 3JJr/ENKHgG3W3BiJ8xpwD8ZQe6/+gc2usznvirWKSfu8jYfWC Jd2Etnv7jHfIJoWDQAIFVRNHUzAIQILwZzlrDIBl+vv7KXQtkz l5/ZhBPKoxXhWSw/IP0eA== X-Spam: no; 0.00; gerd:01 stolpmann:01 gerd:01 beginner's:01 ocaml:01 bug:01 stolpmann:01 darmstadt:01 6151:01 6151:01 beginners:01 caml-list:01 caml-list:01 posix:01 bin:01 Am Samstag, den 18.12.2010, 18:09 +0100 schrieb Gregory Bellier: > Hi ! > > For security reasons, I would like to chroot a child process but I > can't do it unless this process is root. > How does it work exactly ? If everybody could chroot it would be possible to change passwords and do other privileged operations in the new chroot (it depends on the OS how dangerous this really is, but POSIX assumes it is dangerous). Because of this it is restricted to root. Furthermore, chroot is not designed for enhancing the security. A root process can undo chroot (look it up in the web, it's tricky but possible). If a normal user could chroot, everybody could also break out. So, usually you would start a new process as root, establish the chroot there, and setuid to a non-privileged user for doing the real work. If you cannot start as root, you could alternatively also set the setuid bit of the executable. However, running a process with setuid root adds new security dangers, so it is questionable whether you can improve the overall security by such means. I'd advise not to use chroot unless you exactly understand what you are doing. Gerd > Thanks in advance. > Gregory. > > _______________________________________________ > Caml-list mailing list. Subscription management: > http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list > Archives: http://caml.inria.fr > Beginner's list: http://groups.yahoo.com/group/ocaml_beginners > Bug reports: http://caml.inria.fr/bin/caml-bugs > -- ------------------------------------------------------------ Gerd Stolpmann, Bad Nauheimer Str.3, 64289 Darmstadt,Germany gerd@gerd-stolpmann.de http://www.gerd-stolpmann.de Phone: +49-6151-153855 Fax: +49-6151-997714 ------------------------------------------------------------