chroot (change root) is a command that runs another command with a different directory acting as its root directory, instead of your normal root directory. Running possibly insecure processes in a chroot jail increases the security of your system: a cracker who breaks into such a process generally has access limited to that different directory, and does not have full root access.

Depending on circumstances, AFAICT, it could make sense to run all server processes in chroot jails.

For a good example of the use of a chroot jail, read the next paragraph and follow the links -- should move the example here:

One way is by mounting the disk temporarily (as hda, IIUC), then running lilo in a chroot jail on that temporary mount. More notes on this are at DdCloningScript and Parted (and should eventually be moved here as those pages are refactored).

See:

  • info chroot

See AboutThesePages.

Notes

Syntax

chroot <new_root_directory> [<command> [<args>]]

or

chroot <option>

Discussion

From James (james@opencountryPLEASENOSPAM.org):

In the past, script kiddies have used some of the original capabilities of ftp to log in and take over computers, i.e., ftp up a program (root-kit, etc.), then log in to the ftp directory, compile it and run it.

When you chroot the program, root gets set to the directory the user is in. As far as they are concerned, there exists nothing higher on the directory tree than where they are. This means that if they do manage to exploit something, the damage they can do is limited to the "jail" that they are in. Other advantages include, but are not limited to:

  1. They can only use utilities that exist in that chroot jail, i.e., ls, ps, etc. are local, and any changes made to them aren't going to affect the box as a whole.
  2. Nib Nosers can't poke around your box and find your secret stash of Britney Spears photos.
  3. Breaking out of the jail is one more line of defense.

These are but a few reasons why programs get chrooted. Chroot is also useful if you have rebooted without running lilo first. It allows you to boot from a rescue disk, mount the HDD and run lilo as if your root was the mount point instead of the real /.
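
The point that a jailed process can only use the utilities that exist inside the jail means the jail has to be populated deliberately. The following is an added example, not part of James's message or of the original page: a POSIX shell sketch that copies chosen binaries and the shared libraries `ldd` reports for them into a jail directory. The function names `jail_deps`, `jail_copy` and `build_jail` are hypothetical, and the sketch assumes `ldd`, `awk` and `cp -L` are available on the host.

```shell
#!/bin/sh
# Added example: populate a minimal chroot jail. Function names are hypothetical.
# Caveat: ldd may execute code from the binary it inspects, so run this only
# on binaries you already trust.

# Print the absolute paths of the shared objects (and dynamic loader) that
# ldd reports for a binary. Prints nothing for a static binary.
jail_deps() {
    ldd "$1" 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }' |
        sort -u
}

# jail_copy <jail_dir> <absolute_path>
# Copy one file into the jail under the same path it has on the host.
# cp -L dereferences symlinks, so the jail holds real files rather than
# links that point outside it.
jail_copy() {
    mkdir -p "$1$(dirname "$2")" && cp -L "$2" "$1$2"
}

# build_jail <jail_dir> <absolute_binary_path>...
# Fails (non-zero) on a relative path or a missing binary instead of
# leaving a half-populated jail unnoticed.
build_jail() {
    jail=$1; shift
    case $jail in
        /*) ;;
        *) echo "jail directory must be an absolute path" >&2; return 1 ;;
    esac
    mkdir -p "$jail" || return 1
    for bin in "$@"; do
        case $bin in
            /*) ;;
            *) echo "not an absolute path: $bin" >&2; return 1 ;;
        esac
        [ -f "$bin" ] && [ -x "$bin" ] || { echo "missing: $bin" >&2; return 1; }
        jail_copy "$jail" "$bin" || return 1
        jail_deps "$bin" | while IFS= read -r dep; do
            jail_copy "$jail" "$dep" || exit 1
        done || return 1
    done
}

# Usage (as root, matching the Syntax section above):
#   build_jail /srv/jail /bin/sh /bin/ls && chroot /srv/jail /bin/sh
```

Only what was copied is visible from inside the jail, so a tool left out of the `build_jail` call is simply absent for anything running there.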

<Currently, no significant content below this line.>

Resources

See ResourceRecommendations. Feel free to add additional resources to these lists, but please follow the guidelines on ResourceRecommendations including ResourceRecommendations#Guidelines_for_Rating_Resources.


Recommended by Others

  • (rhk) Jail Chroot Project; Juan M. Casillas; viewed 20 Oct 2002 -- "Jail Chroot Project is an attempt of write a tool that builds a chrooted environment."


Contributors

  • () RandyKramer - 22 Jul 2002
Topic revision: r4 - 2003-03-13 - RandyKramer
 