Slashdot Mirror

← Back to Stories (view on slashdot.org)

When Not to Use chroot

Posted by CowboyNeal on from the trust-no-one dept.

Hyena writes "Linux guru Alan Cox is quoted as saying 'chroot is not and never has been a security tool' in a KernelTrap article summarizing a lengthy thread on the Linux Kernel mailing list. The discussion began with a patch attempting to 'fix a security hole' in the Unix chroot command, trying to improve the ability of chroot to contain a process. When it was pointed out that people have been using chroot as a security tool for years, another kernel hacker retorted, 'incompetent people implementing security solutions are a real problem.' A quick search on the terms 'chroot+security' quickly reveals that many people have long thought (wrongly) that chroot's purpose was for improving security."

5 of 407 comments (clear)

  1. misleading... by onemorehour · · Score: 5, Informative

    This summary is truly and terribly misleading--the discussion simply says that a root user can break out of a chroot jail. Is this news? chroot can still be effectively used to contain processes that do not run as root.

  2. Re:Then what is it for? by larry+bagina · · Score: 5, Informative

    Actually, Bill Joy invented chroot as a hack to use a custom /usr/include directory in a compiler that didn't support alternate include paths.

    --
    Do you even lift?

    These aren't the 'roids you're looking for.

  3. Re:For daemons that don't run as root by TheRaven64 · · Score: 5, Informative
    Yes you can. As I said, you launch them with:

    # chroot directory su nobody daemon
    This will chroot into directory, and run daemon as the nobody user. As long as the version of su inside your jail doesn't have any security holes, you will be fine. If you don't trust it, I've written a modified version of chroot, which calls setuid() and setgid() to a named user and group before executing the named process. This eliminates the need for a working su inside the chroot, typically removing the need for any setuid programs in the chroot.

    Just because you can only run a command as a superuser doesn't mean that all of the child processes of that command have to be run as the superuser. If this were the case, since init runs as root you would not have a multiuser system.

    --
    I am TheRaven on Soylent News
  4. Re:misleading...Re:Asshole Stereotype by visualight · · Score: 5, Informative

    I think his comment was directed specifically at people who do not have enough understanding to implement a security solution on linux but think they do. Would the same comment coming from an official MS authority on security make you not want to use Vista?

    Anyway, I do understand the perspective behind your reaction, but it doesn't fit in this specific case.

    --
    Samsung took back my unlocked bootloader because Google wants me to rent movies. They're both evil.
  5. Citation by BobKagy · · Score: 5, Informative

    Actually, Bill Joy invented <tt>chroot</tt> as a hack to use a custom /usr/include directory in a compiler that didn't support alternate include paths.

    http://blogs.sun.com/chrisg/tags/chroot

    Dr. Marshall Kirk Mckusick, private communication: ``According to the SCCS logs, the chroot call was added by Bill Joy on March 18, 1982 approximately 1.5 years before 4.2BSD was released. That was well before we had ftp servers of any sort (ftp did not show up in the source tree until January 1983). My best guess as to its purpose was to allow Bill to chroot into the /4.2BSD build directory and build a system using only the files, include files, etc contained in that tree. That was the only use of chroot that I remember from the early days.''