Chroot

From Wikipedia, the free encyclopedia


A chroot on Unix operating systems is an operation that changes the root directory. It affects only the current process and its children. "chroot" itself can refer to the chroot(2) system call or the chroot(8) wrapper program.

A program that is re-rooted to another directory cannot name files outside that directory. This provides a convenient way to sandbox an untrusted, untested or otherwise dangerous program. It is also a simple kind of jail mechanism.

In practice, chrooting is complicated by programs expecting at startup to find scratch space, configuration files, device nodes and shared libraries at certain preset locations. To allow programs to spawn inside the chroot directory, it must be populated with a minimum set of these files, preferably carefully chosen so as not to allow unintended access to the outside system.

Programs are allowed to carry open file descriptors (for files, pipelines and network connections) into the chroot, which can simplify jail design by making it unnecessary to leave working files inside the chroot directory. This also works as a simple capability system, in which the program is explicitly granted access to resources outside the chroot based on the descriptors it can carry in.


Privilege separation

A chroot can be used as a pre-emptive way of containing a security breach by preventing a would-be attacker from doing any damage or probing the host system with a compromised program. A network file server, for example, can chroot to the directory it is serving files from just after accepting a network connection from a client. A similar approach is used by the Postfix mail transfer agent, which divides its work up into a pipeline of smaller, individually chroot-jailed programs.

Honeypotting

A chroot directory can be populated so as to simulate a real system running network services. The chroot mechanism can then prevent attackers who do compromise the system from discovering that it is an artificial environment, or from breaking out into the real system.

Testing

The isolation provided by the chroot mechanism is also useful for testing purposes. A separate copy of the operating system can be installed into the chroot directory as a test environment for software that would otherwise be too risky to deploy on a production system.

Development isolation

A chroot environment is an effective way of isolating a development project to enforce the use of a specific set of libraries and to limit some of the autoconf and similar dependencies against which programs are linked. A developer may have a set of libraries installed on his or her workstation which are used for general-purpose computing tasks (such as web browsing) while needing to work on a project that is targeted at systems which are not intended to have those same libraries installed. By using a chroot "jail" the developer can still use autoconfiguration tools and the normal linking resolution defaults while controlling exactly which libraries and dependencies become part of any specific project.

Chroot jails are also used by AMD64 Linux users who need to run 32-bit programs like Skype, Picasa and WMV codecs.

Only the root user can perform a chroot. This is intended to prevent users from putting a setuid program inside a specially crafted chroot jail (for example, one with a fake /etc/passwd file) that would fool it into giving out privileges. It also, however, prevents non-root users from using the chroot mechanism to create sandboxes of their own.

The chroot mechanism itself is not entirely secure on all systems. On some systems, chroot contexts do not stack properly; on such a system, if a chrooted program has root privileges, it can perform a second chroot to break out.
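The break-out just described depends on the jailed process still holding root, since chroot(2) itself requires root. The usual defence, and the pattern a network service uses when it chroots right after accepting a connection, is to enter the jail and then drop privileges irreversibly, carrying in any descriptors it still needs. The following is an added example written for this article, not code from any project it mentions; the jail path /var/empty, the uid/gid 65534 and the file /etc/hostname are assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `dir` and give up root, in the order that
 * matters: chdir into the jail, chroot, then shed supplementary groups, gid
 * and finally uid.  Because chroot(2) needs root, a jailed process that no
 * longer has root cannot perform the second chroot used to break out.
 * Returns 0 on success or a negative errno value. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || dir[0] == '\0' || uid == 0)
        return -EINVAL;             /* refuse to leave the jailed process as root */
    if (chdir(dir) != 0)
        return -errno;              /* ENOENT, ENOTDIR, EACCES, ... */
    if (chroot(".") != 0)
        return -errno;              /* EPERM unless the caller is root */
    if (chdir("/") != 0)            /* cwd must be inside the new root */
        return -errno;
    if (setgroups(0, NULL) != 0)    /* setgid() alone leaves supplementary groups */
        return -errno;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -errno;
    if (setuid(0) == 0)             /* the drop must be irreversible */
        return -EACCES;
    return 0;
}

int main(void)
{
    /* A descriptor opened before the jail stays usable inside it: this is the
     * carried-in capability the article describes (path and ids are assumptions). */
    int fd = open("/etc/hostname", O_RDONLY);
    int rc = enter_jail("/var/empty", 65534, 65534);
    if (rc != 0) {
        fprintf(stderr, "enter_jail failed: errno %d\n", -rc);
        return 1;
    }
    char buf[64];
    ssize_t n = fd >= 0 ? read(fd, buf, sizeof buf - 1) : -1;
    if (n > 0) {
        buf[n] = '\0';
        printf("jailed as uid %d, carried-in fd still reads: %s", (int)getuid(), buf);
    }
    return 0;
}
```

Run as root to see the jail entered; as an ordinary user the call stops at chroot(2) with EPERM, which is exactly the restriction the previous section describes.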

Most Unixes are not completely file system-oriented and leave potentially disruptive functionality like networking and process control available through the system call interface to a chrooted program.

The chroot mechanism in itself also does not restrict the use of resources like I/O bandwidth, disk space or CPU time.

A chroot prison is a form of jail implemented on UNIX-like systems using the chroot command. It is a context within which a process can be run with limited access to the file system.
