LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for April 4, 2013

LWN.net Weekly Edition for March 28, 2013

A kernel change breaks GlusterFS

PyCon: Evangelizing Python

Multipath TCP: an overview

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

What chroot() is really for

What chroot() is really for

Posted Oct 5, 2007 11:56 UTC (Fri) by Klavs (subscriber, #10563)
In reply to: What chroot() is really for by ckelso
Parent article: What chroot() is really for

Chroot definetely has it's uses in the security field.

The apache example is a good one. One should always have several layers of security, and putting apache in a chroot is such a layer - and a good one at that. The "risk" of someone finding a bug in some website software is VERY high - even if it's your own software and you've been security conscious - we all make mistakes, and also new bugs is found in PHP and other languages all the time.

Also - it is a VERY good idea to mount /tmp none-executable (if in a chroot - there's a limit to what the executable can do though :) and to have a seperate DB-user for the user (ie. what the casual browser/internet user sees) and the admin section, and remember the principle of least privilege.

(Log in to post comments)

What chroot() is really for

Posted Oct 5, 2007 15:47 UTC (Fri) by jond (subscriber, #37669) [Link]

Non-executable /tmp can be trivially circumvented by calling the loader with your binary as an argument.

What chroot() is really for

Posted Oct 5, 2007 22:04 UTC (Fri) by giraffedata (subscriber, #1954) [Link]

Non-executable /tmp can be trivially circumvented by calling the loader with your binary as an argument.

Then you'd probably want to make sure that loader isn't present in your chroot jail. I assume you're talking about glibc's ld-linux.so, which is an essential part of running programs that use dynamically linked libraries. Chroot jails I've seen have statically linked programs and don't need it.

Incidentally, if this is really an issue -- people want to have shared libraries within a chroot jail and still stop people from running programs they created themselves in /tmp -- it would not be hard to disable ld-linux.so's ability to run programs like that. The ability to exec ld-linux.so is a frill added to its basic function as a Linux program interpreter that runs when you exec something else.

What chroot() is really for

Posted Oct 11, 2007 8:48 UTC (Thu) by tbleher (guest, #48307) [Link]

> Non-executable /tmp can be trivially circumvented by calling the loader
> with your binary as an argument.

That was true some years ago. Nowadays ld-linux.so fails if it is called
on a binary on a non-executable mount.

What chroot() is really for

Posted Oct 7, 2007 17:56 UTC (Sun) by thedevil (guest, #32913) [Link]

>> The apache example is a good one. One should always have several layers of security, and putting apache in a chroot is such a layer - and a good one at that. The "risk" of someone finding a bug in some website software is VERY high - even if it's your own software and you've been security conscious - we all make mistakes, and also new bugs is found in PHP and other languages all the time. <<

How do you enable per-user web directories (typically ~/public_html) if the webserver is chrooted?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds