|1.||The binary must be within the chroot jail|
|2.||All libraries used by the binary must be within the chroot jail|
|3.||chroot does not drop root privileges|
|4.||su nobody -c does not chroot|
chroot_safe addresses all four of these shortcomings by at runtime linking instrument the application to perform a full chroot and drop all root privileges just after dynamic linking has completed but before the application as such is started. This is done via a small LD_PRELOAD stub and a shell wrapper giving instructions on how to chroot.
Here is a silly example demonstrating the power of this application: chroot "ls -l" to /tmp in a safe manner without needing to prepare anything in /tmp
Note: This example does not work on FreeBSD or other platforms where ls is statically linked.
chroot_safe nobody /tmp ls -l
You can also find a howto chroot an anonymous CVS server online at the chroot_safe website
This application utilizes some shared library loading tricks to instrument the application with the required chroot hooks. Because of this it wont work on statically linked applications.
If there is any problem chrooting the application an error message is printed on stderr, and execution of the application is terminated.
Root privileges are required to chroot applications.
For details on the inner workings see the comments in the source.
Henrik Nordstrom <firstname.lastname@example.org>
Send bug fixes or improvements to the author
|1.4||CHROOT_SAFE (1)||9 Apr 2005|