chroot_safe - Chroot dynamically linked applications in a sane and safe manner
chroot_safe user chroot_directory application [arguments...]
chroot_safe is a tool to chroot any application in a safe and sane manner
without requring binaries, shared libraries etc within the chroot or any
support from the application. Works with any dynamically linked application.
Normally when you chroot applications not having native support
for chroot there is a number of obstacles to overcome
- The binary must be within the chroot jail
- All libraries used by the binary must be within the chroot jail
- chroot does not drop root privileges
- su nobody -c does not chroot
Shortcomings 3 & 4 can be addressed by writing a small tool
replacing chroot, but you still have limitations 1 & 2.
chroot_safe addresses all four of these shortcomings by at runtime
linking instrument the application to perform a full chroot and drop all
root privileges just after dynamic linking has completed but before the
application as such is started. This is done via a small LD_PRELOAD stub and
a shell wrapper giving instructions on how to chroot.
Here is a silly example demonstrating the power of this application: chroot
"ls -l" to /tmp in a safe manner without needing to prepare anything
- chroot_safe nobody /tmp ls -l
Note: This example does not work on FreeBSD or other platforms
where ls is statically linked.
You can also find a howto chroot an anonymous CVS server online at
This application utilizes some shared library loading tricks to instrument the
application with the required chroot hooks. Because of this it won't work on
statically linked applications.
If there is any problem chrooting the application an error message
is printed on stderr, and execution of the application is terminated.
Root privileges are required to chroot applications.
For details on the inner workings see the comments in the
Henrik Nordstrom <firstname.lastname@example.org>
Send bug fixes or improvements to the author
chroot(8), su(1), http://chrootsafe.sourceforge.net/