[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Chroot jail
- To: "Nadav Har'El" <nyh(at-nospam)math.technion.ac.il>
- Subject: Re: Chroot jail
- From: Tzafrir Cohen <tzafrir(at-nospam)technion.ac.il>
- Date: Thu, 11 Oct 2001 00:58:09 +0200 (IST)
- Cc: Eran Levy <eranle(at-nospam)netvision.net.il>, <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- In-Reply-To: <20011011004449.A19863@leeor.math.technion.ac.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Thu, 11 Oct 2001, Nadav Har'El wrote:
> On Wed, Oct 10, 2001, Eran Levy wrote about "Chroot jail":
> > Hi,
> > I know how making bind, apache, etc. into a chroot jail. But now I want to
> > make a guest account in a chroot jail. I had some documents/guides about
> > that, but I cant find them now. Can someone give me URLs of
> > documents/guides? I cant find guides/document specified for a user account
> > in a chroot jail. Any idea?
>
> I don't know of any guides (try a search engine like Google) but there's
> one obvious problem you'll need to solve when chroot-jailing someone: you'll
> need to provide a copy all the binaries, libraries, and so on that the user is
> supposed to use inside his jail. This becomes unwieldy when you have several
> jailed users.
> Two ways to prevent this redunant copying:
> 1. Use hard-links (symbolic links won't work) rather than copying
> 2. Put all the binaries, libraries, etc., that you want to give your
> users in a seperate partition, and then mount it at multiple mount points.
> This is possible in Linux! You can even have a virtual partition (e.g.,
> some sort of loopback) and not a real disk partition.
>
> But if you use one of these solutions, watch out: one of the ideas of a
> chroot jail is that the user may (through some exploit) become root, but
> then can only ruin his own files. If the files are linked to other files,
> he'll be able to ruin those files. So never link a non-trusted user's files
> with the ones you're using - always make at least one other copy - for the
> non-trusted jailed users.
If you assume that the chroot-ed user can become root, and he either has a
compiler or a binary of "chroot" then he can also break out of the chroot
jail, and become root of the whole system.
--
Tzafrir Cohen
mailto:tzafrir@technion.ac.il
http://www.technion.ac.il/~tzafrir
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il