How does chroot work ?

How does chroot work ?

[Gregory Bellier]

Hi !

For security reasons, I would like to chroot a child process but I
can't do it unless this process is root.
How does it work exactly ?

Thanks in advance.
Gregory.

Re: [Caml-list] How does chroot work ?

[Gerd Stolpmann]

Am Samstag, den 18.12.2010, 18:09 +0100 schrieb Gregory Bellier:
> Hi !
> 
> For security reasons, I would like to chroot a child process but I
> can't do it unless this process is root.
> How does it work exactly ?

If everybody could chroot it would be possible to change passwords and
do other privileged operations in the new chroot (it depends on the OS
how dangerous this really is, but POSIX assumes it is dangerous).
Because of this it is restricted to root.

Furthermore, chroot is not designed for enhancing the security. A root
process can undo chroot (look it up in the web, it's tricky but
possible). If a normal user could chroot, everybody could also break
out.

So, usually you would start a new process as root, establish the chroot
there, and setuid to a non-privileged user for doing the real work. If
you cannot start as root, you could alternatively also set the setuid
bit of the executable. However, running a process with setuid root adds
new security dangers, so it is questionable whether you can improve the
overall security by such means.

I'd advise not to use chroot unless you exactly understand what you are
doing.

Gerd

> Thanks in advance.
> Gregory.
> 
> _______________________________________________
> Caml-list mailing list. Subscription management:
> http://yquem.inria.fr/cgi-bin/mailman/listinfo/caml-list
> Archives: http://caml.inria.fr
> Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
> Bug reports: http://caml.inria.fr/bin/caml-bugs
> 


-- 
------------------------------------------------------------
Gerd Stolpmann, Bad Nauheimer Str.3, 64289 Darmstadt,Germany 
gerd@gerd-stolpmann.de          http://www.gerd-stolpmann.de
Phone: +49-6151-153855                  Fax: +49-6151-997714
------------------------------------------------------------

Re: [Caml-list] How does chroot work ?

[Gregory BELLIER]

Le 18/12/2010 20:31, Gerd Stolpmann a écrit :
> Am Samstag, den 18.12.2010, 18:09 +0100 schrieb Gregory Bellier:
>> Hi !
>>
>> For security reasons, I would like to chroot a child process but I
>> can't do it unless this process is root.
>> How does it work exactly ?
> If everybody could chroot it would be possible to change passwords and
> do other privileged operations in the new chroot (it depends on the OS
> how dangerous this really is, but POSIX assumes it is dangerous).
> Because of this it is restricted to root.
>
> Furthermore, chroot is not designed for enhancing the security. A root
> process can undo chroot (look it up in the web, it's tricky but
> possible). If a normal user could chroot, everybody could also break
> out.
>
> So, usually you would start a new process as root, establish the chroot
> there, and setuid to a non-privileged user for doing the real work. If
> you cannot start as root, you could alternatively also set the setuid
> bit of the executable. However, running a process with setuid root adds
> new security dangers, so it is questionable whether you can improve the
> overall security by such means.
>
> I'd advise not to use chroot unless you exactly understand what you are
> doing.
>
> Gerd
Hi Gerd and thank you for your email.

Yes, I know what I'm doing.

Regards,
     Gregory.