Chroot is useful for security purposes
Posted Oct 12, 2007 19:04 UTC (Fri) by pm101 (guest, #3011)
Parent article: What chroot() is really for
Chroot can mitigate a large number of security vulnerabilities. Recently, adobe.com was cracked when someone found that URLs to the effect of:
http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=../../../../../../../../..//etc/passwd%00
would return arbitrary files on the filesystem. This basic exploit allowed reading basic files because a CGI script forgot to sanitize inputs used as filenames. If Adobe had used a chroot jail, this would have been bad, but couldn't be escalated to provide access to execute programs. It wouldn't have even allowed people to view files in users' home directories or unrelated places.
Because of the lack of a chroot jail, it could be escalated to getting the password file, which could then presumably be combined with a dictionary attack to get a few passwords, and log into the machine.
Any security tool misused, including chroot, can cause more problems than it solves. chroot is not a sandbox for running hostile code, and should not be used as such. That said, chroot is a valuable part of a good security toolbox. It is useful for running legacy software with legacy libraries as well, fixing broken installs (I often boot from a CD, and chroot to the hard drive), and other things, but I use it first and foremost as a (somewhat limited) security tool to prevent a limited set of exploits from escalating.
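The filename check that the comment above says the CGI script lacked, as an added example that is not part of the original comment or of any Adobe code. The function names, the temporary document root and the sample file are constructed for illustration; the traversal parameter is the one quoted in the comment.

```python
import os
import tempfile
from urllib.parse import unquote


class UnsafePath(ValueError):
    """Raised when a request parameter would resolve outside the document root."""


def resolve_under_root(root, param):
    """Map a still-percent-encoded query parameter to a path inside root, or raise."""
    name = unquote(param)              # decode once, as the CGI layer would
    if "\x00" in name:                 # %00 truncates the name in C-string file APIs
        raise UnsafePath("NUL byte in file name")
    root_real = os.path.realpath(root)
    # realpath() collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root_real, name))
    # commonpath() compares whole components, so /srv/www2 does not pass for /srv/www.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise UnsafePath("path escapes document root")
    return candidate


def demo():
    """Run the check over constructed inputs; returns {param: 'ok' or reason}."""
    results = {}
    with tempfile.TemporaryDirectory() as root:   # constructed document root
        os.makedirs(os.path.join(root, "shockwave"))
        with open(os.path.join(root, "shockwave", "10.1.txt"), "w") as fh:
            fh.write("constructed sample file\n")
        for param in ("shockwave/10.1.txt",
                      "../../../../../../../../..//etc/passwd%00",
                      "../../../../etc/passwd",
                      "/etc/passwd"):
            try:
                resolve_under_root(root, param)
                results[param] = "ok"
            except UnsafePath as exc:
                results[param] = str(exc)
    return results


if __name__ == "__main__":
    for param, verdict in demo().items():
        print(f"{verdict:28} {param}")
```

A check like this and a chroot jail are complementary layers: the check rejects the request, and the jail limits what is readable if a check is missing or wrong.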