Firewall Wizards: Re: chroot useful?

Re: chroot useful?

From: Douglas R. Steinbaum <steinbau_at_itd.nrl.navy.mil>
Date: Thu, 13 Nov 97 17:05:25 -0500

Regarding the comment made by Steve Bellovin (pasted at the end of this
message):

I was under the impression that running the chroot() command on a UNIX
box would make it impossible for all subsequently launched programs to
access files located above the newly defined root point, even if such
programs are launched with a UID of 0. Thus, the command could be used
as a simple "wrapper" to prevent a user application program which is not
completely trusted (for example, a commercial SW package for which source
code is unavailable) from being misused to access critical system files.
That is, chroot could be run to define the root point such that critical
files are inaccessible, and then the untrusted application would
subsequently be launched. Is this not correct?

(I am new to this list, so I apologize if this question has already been
answered.)

- Doug Steinbaum

>It is important to understand what chroot() is and what it isn't. It is
>not a virtualization of the machine. Attempts to use it as such are
>quite likely doomed. It is a mechanism to virtualize file name access;
>at that, it does quite a good job, and has since shortly after the first
>public release in 1979. (That version permitted chroot("..") out of the
>subtree.)
>
>Standard UNIX systems do not have a complete virtual environment. There
>have been various attempts to add these on, with more or less success.
>But it's an area where one should tread cautiously.
>
>
> --Steve Bellovin
Received on Nov 13 1997
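The "wrapper" Doug describes, as an added example that is not part of the thread or any code from its authors: a small C program that chroots into a prepared directory and then exec's the untrusted program. Because chroot(2) only redirects path-name lookup (the point Steve Bellovin makes), the wrapper also gives up uid 0 before the exec, so the confined program does not keep the other privileges of root; it refuses to run a program as uid or gid 0 at all. The jail directory, the numeric uid/gid and the program path inside the jail are assumptions supplied on the command line; the example has to be started as root, since chroot(2) requires it.

```c
/* jailrun: chroot(2) wrapper that drops root before exec'ing the
 * untrusted program. Added illustration, not code from the thread. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum {
    JAIL_OK = 0,
    JAIL_ERR_NOT_ROOT,   /* chroot(2) itself requires root */
    JAIL_ERR_BAD_UID,    /* refusing to leave the program as uid/gid 0 */
    JAIL_ERR_BAD_DIR,    /* jail directory missing or not a directory */
    JAIL_ERR_CHROOT,     /* chdir/chroot failed */
    JAIL_ERR_DROP        /* privilege drop failed or was reversible */
};

static const char *jail_strerror(int rc)
{
    switch (rc) {
    case JAIL_OK:           return "ok";
    case JAIL_ERR_NOT_ROOT: return "must be run as root";
    case JAIL_ERR_BAD_UID:  return "target uid/gid must not be 0";
    case JAIL_ERR_BAD_DIR:  return "jail directory missing or not a directory";
    case JAIL_ERR_CHROOT:   return "chdir/chroot failed";
    case JAIL_ERR_DROP:     return "privilege drop failed";
    default:                return "unknown error";
    }
}

/* Side-effect-free validation of a jail request. The effective uid is
 * passed in so the policy can be exercised without actually being root. */
int check_jail_request(const char *dir, uid_t uid, gid_t gid, uid_t euid)
{
    struct stat st;
    if (euid != 0)
        return JAIL_ERR_NOT_ROOT;
    if (uid == 0 || gid == 0)
        return JAIL_ERR_BAD_UID;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return JAIL_ERR_BAD_DIR;
    return JAIL_OK;
}

/* Confine the calling process: chroot into dir, then give up uid 0.
 * Order matters: chdir before chroot so the cwd is inside the new root,
 * and the uid/gid change last because chroot(2) needs root. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    int rc = check_jail_request(dir, uid, gid, geteuid());
    if (rc != JAIL_OK)
        return rc;
    if (chdir(dir) != 0 || chroot(dir) != 0 || chdir("/") != 0)
        return JAIL_ERR_CHROOT;
    /* Clear supplementary groups, then set gid before uid (the reverse
     * order would fail once uid 0 is gone). */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_ERR_DROP;
    /* If root can be regained here, it was never really given up. */
    if (setuid(0) == 0)
        return JAIL_ERR_DROP;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc < 5) {
        fprintf(stderr, "usage: %s JAILDIR UID GID PROGRAM [ARGS...]\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[2], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[3], NULL, 10);
    int rc = enter_jail(argv[1], uid, gid);
    if (rc != JAIL_OK) {
        fprintf(stderr, "enter_jail: %s (errno: %s)\n",
                jail_strerror(rc), strerror(errno));
        return 1;
    }
    /* PROGRAM is resolved against the new root, so it and everything it
     * needs (libraries, config, devices) must already be copied into the jail. */
    execv(argv[4], &argv[4]);
    perror("execv");
    return 1;
}
```

Run as root, for example `./jailrun /var/jail/app 65534 65534 /bin/app`, after populating /var/jail/app with the program and the files it depends on; critical system files outside that directory are simply not reachable by name from inside it.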
