chroot

from Wikipedia, the free encyclopedia

chroot stands for "change root" and is a function on Unix systems for changing the root directory. It only affects the current process and its child processes. "chroot" itself can refer to both the chroot(2) system call and the chroot(8) utility.

A program that has been "rooted" to a directory and has no open file descriptors pointing outside the virtual root directory can no longer access files outside this directory (if the operating system kernel is implemented correctly). chroot thus offers a simple way of moving untrustworthy, test or otherwise dangerous programs into a sandbox. It is a simple jail mechanism that can easily be broken out of.

chroot was not designed as a security feature, but was primarily used to set up virtual environments. The first larger known application was in Network Software Engineering (NSE) on SunOS in 1986. Leaving the environment was possible with fchroot(1) and documented there.

In practice, "chrooting" is made more difficult by the fact that programs expect to find space for temporary files, configuration files, device files and program libraries in certain fixed locations when they start. In order to run these programs within the chroot directory, the directory must be provided with these necessary files.

Security feature or not?

Whether chroot environments count as a security feature for sealing off individual programs from the rest of the computer depends heavily on the opinion of the creators of the respective operating system:

Unix
  • BSD systems try not to let processes out of the chroot(2) environment, i.e. to lock them in. A first appearance of the broad term "jail" ("prison") in this sense is documented from 1991, with reference to the Unix distribution 4.3BSD. For example, privilege escalation from chroot(8) under NetBSD is very difficult.
  • Since the year 2000, BSD systems have offered virtualization at the operating system level, in which the kernel is shared by several isolated, completely closed units ("user space" instances, environments). The pioneer was the FreeBSD distribution, which with its version 4.0 (2000) provided the Unix command jail(8) to seal process environments off from each other securely. By 2004 this had led to the coining of the term "jailbreak".
  • In Solaris before Solaris 10, chroot was not referred to as a security feature, and it was therefore not seen as a problem if a program could "break out" of this environment. Breaking out is even explicitly documented. To isolate processes from one another, Solaris 10 has offered the concept of Solaris containers (also: zones) since 2005, which builds on chroot(2) and was referred to as "chroot on steroids". In Solaris 10 and later versions, however, many more properties were added and file systems (such as the proc file system) were explicitly secured against chroot.
Linux
  • Under Linux, chroot is not referred to as a security feature either. How the root user can leave a chroot environment is documented in the chroot(2) manual page.
  • Since 2008, Linux Containers (LXC) can be used to create virtual "user space" environments with their own processes that share a common Linux kernel. The GNU/Linux software Docker (2013) is based on LXC and uses operating system virtualization to isolate applications in containers.

Uses

Separation of rights
A chroot can be used as a precautionary measure against a security breach by preventing a potential attacker from doing damage with a compromised program or from probing the system. For example, a file server in the network can chroot into the directory from which it serves a client immediately after the connection has been established. The mail transfer agent Postfix follows a similar approach: it divides its tasks into several small programs connected in series, each of which runs in its own chroot. chroot is also well suited to FTP servers, so that FTP users cannot change from their "home" directory to another directory.
Honeypot
A chroot directory can be populated so that a real system with network services is simulated. The chroot mechanism can then prevent attackers from realizing that they are in an artificial environment ("jail") or from breaking into the real system.
Testing
The isolation achieved by the chroot mechanism is also useful for test purposes. A copy of the operating system can be installed in such a directory and used as a test environment for software that would be too risky to use in a production system.
Repair
To repair a Linux/Unix system with the help of a boot CD, chroot can be used to work on the mounted system. For example, a forgotten root password can be restored.
Installation of an operating system
Some Linux distributions can only be installed using the command line. Therefore it is necessary to enter the new system environment with chroot after unpacking the distribution archive into a new partition.

Disadvantages

Only the root user can chroot. This is to prevent normal users from placing a setuid program inside a specially prepared chroot environment (e.g. with a forged /etc/passwd file), which would lead it to grant privileges. However, it also prevents non-root users from using the chroot mechanism to create their own sandbox.

"Schroot" allows users to chroot; "openroot" provides many extended functions such as X11 forwarding for GUI programs.

The chroot mechanism itself is not entirely secure. If a program has root privileges in a chrooted environment, it can (on Linux or Solaris) use a nested chrooted environment to break out of the first one.

Since most Unix systems are not completely file system oriented, potentially dangerous functionalities such as control over the network and processes through system calls remain available to a chrooted program.

The chroot mechanism itself does not impose any restrictions on resources such as I/O bandwidth, disk space or CPU time.
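The two conditions the article names for a chroot to hold, no open descriptors outside the new root and no root privileges kept inside it, can be enforced in the order shown in this added example (not code from the article; the function names close_dir_fds and enter_jail are hypothetical):

```c
#define _DEFAULT_SOURCE          /* exposes chroot(2) and setgroups(2) on glibc */
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Close every descriptor >= lowfd that refers to a directory and return how
 * many were closed. A directory handle opened before the chroot keeps
 * pointing outside the new root, so none may survive the call. */
int close_dir_fds(int lowfd)
{
    long max = sysconf(_SC_OPEN_MAX);
    int closed = 0;

    if (max < 0 || max > 65536)
        max = 65536;             /* keep the scan bounded */
    for (int fd = lowfd; fd < max; fd++) {
        struct stat st;
        if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode) && close(fd) == 0)
            closed++;
    }
    return closed;
}

/* Confine the calling process to dir, then give up root for good.
 * Returns 0 on success, -1 with errno set on failure. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {  /* a jail that keeps root is no jail */
        errno = EINVAL;
        return -1;
    }
    close_dir_fds(0);
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;               /* chroot fails with EPERM unless privileged */
    /* Order matters: supplementary groups, then gid, then uid. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0) {        /* root must not be recoverable */
        errno = EPERM;
        return -1;
    }
    return 0;
}
```

This covers only the file system view; the network, process and resource limits described above need separate mechanisms.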

See also

  • OpenVZ - A virtualization solution that works similarly to chroot, but provides better isolation

