From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@yquem.inria.fr Delivered-To: caml-list@yquem.inria.fr Received: from mail1-relais-roc.national.inria.fr (mail1-relais-roc.national.inria.fr [192.134.164.82]) by yquem.inria.fr (Postfix) with ESMTP id 45935BC57 for ; Sun, 19 Dec 2010 00:02:01 +0100 (CET) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AvQBAPrLDE3UGyoFkWdsb2JhbACDZKBRFQEBAQEJCwoHEQMhqn48hisuiFyBIYM1dASGY4Qegxca X-IronPort-AV: E=Sophos;i="4.60,194,1291590000"; d="scan'208";a="92841606" Received: from smtp5-g21.free.fr ([212.27.42.5]) by mail1-smtp-roc.national.inria.fr with ESMTP; 19 Dec 2010 00:02:00 +0100 Received: from gatekeeper.fr (unknown [81.57.200.24]) by smtp5-g21.free.fr (Postfix) with ESMTP id 845C7D48070; Sun, 19 Dec 2010 00:01:53 +0100 (CET) Received: from [192.168.69.2] (greg.gatekeeper.fr [192.168.69.2]) by gatekeeper.fr (Postfix) with ESMTP id 56FD623D0FF; Sun, 19 Dec 2010 00:01:52 +0100 (CET) Message-ID: <4D0D3D60.2030205@gmail.com> Date: Sun, 19 Dec 2010 00:01:52 +0100 From: Gregory BELLIER User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101211 Lanikai/3.1.7 MIME-Version: 1.0 To: Gerd Stolpmann Cc: caml-list@inria.fr Subject: Re: [Caml-list] How does chroot work ? References: <1292700715.22147.324.camel@thinkpad> In-Reply-To: <1292700715.22147.324.camel@thinkpad> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam: no; 0.00; gerd:01 stolpmann:01 gerd:01 caml-list:01 posix:01 executable:03 tricky:04 root:04 root:04 depends:04 privileged:05 i'd:06 schrieb:08 break:08 undo:08 Le 18/12/2010 20:31, Gerd Stolpmann a écrit : > Am Samstag, den 18.12.2010, 18:09 +0100 schrieb Gregory Bellier: >> Hi ! >> >> For security reasons, I would like to chroot a child process but I >> can't do it unless this process is root. >> How does it work exactly ? > If everybody could chroot it would be possible to change passwords and > do other privileged operations in the new chroot (it depends on the OS > how dangerous this really is, but POSIX assumes it is dangerous). > Because of this it is restricted to root. > > Furthermore, chroot is not designed for enhancing the security. A root > process can undo chroot (look it up in the web, it's tricky but > possible). If a normal user could chroot, everybody could also break > out. > > So, usually you would start a new process as root, establish the chroot > there, and setuid to a non-privileged user for doing the real work. If > you cannot start as root, you could alternatively also set the setuid > bit of the executable. However, running a process with setuid root adds > new security dangers, so it is questionable whether you can improve the > overall security by such means. > > I'd advise not to use chroot unless you exactly understand what you are > doing. > > Gerd Hi Gerd and thank you for your email. Yes, I know what I'm doing. Regards, Gregory.