  1. #1
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796

    Insecure included chroot command in Linux??


    Has anybody heard anything about the chroot command that is included in, for example, Red Hat 9? I've heard that it's not that secure??

    The jail that is created has been escaped for some programs and applications. Has anyone else heard anything about that?? I have a homemade chroot command that does the same thing but shall be a secure one, therefore I wonder: if the included chroot command is secure, I don't need to maintain the other one.

    Regards

    Andutt

  2. #2
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796
    Has no one read it or used it themselves??

    Regards

    Andutt

  3. #3
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Nope; post a link and I'll try to look into it.
    The thing is that the standard chroot environment can be broken by processes running as root, since they can mount a proc file system anywhere in their VFS namespace and then chroot to /proc/1/root.
    I don't know how they suppose to solve this, but I'd love to look at it.

  4. #4
    Linux Engineer
    Join Date
    Apr 2003
    Location
    Sweden
    Posts
    796
    I don't have any link, I'm afraid; there's not so much documentation out there on chroot environments. There is much for bind and postfix, because they have been around for some time.

    About the included chroot command in RH, I have heard whispering from my Linux friends and at work that it isn't supposed to be good. But they can't show any evidence... so the best way of knowing is to ask the community.

    Regards

    Andutt

  5. #5
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    What they are referring to is probably the thing that root can always escape. If you then set the UID to a normal user, you don't have any worries, as long as there isn't a proc filesystem mounted somewhere in the jail.
    I thought you said that you had a home made command? Don't you have a link or docs or anything about that?
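
The two conditions named in the last reply (the jailed process must not stay root, and no proc filesystem may be mounted inside the jail) can be checked before launch. This is an added example, not code from the thread: `proc_mounts_in_jail`, `run_jailed`, the `MOUNTS` variable and the `/srv/jail` paths are assumptions, and `--userspec` is the GNU coreutils `chroot` option.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and paths are assumptions.

# Print every mount point of filesystem type "proc" at or below jail dir $1.
# $2 is the mount table to read (default: /proc/self/mounts).
proc_mounts_in_jail() {
    awk -v jail="${1%/}" '
        $3 == "proc" {
            mp = $2
            gsub(/\\040/, " ", mp)   # the kernel writes a space in a path as \040
            # Compare with a trailing "/" so /srv/jail does not match /srv/jail2.
            if (mp == jail || index(mp, jail "/") == 1) print mp
        }' "${2:-/proc/self/mounts}"
}

# run_jailed JAIL USER:GROUP COMMAND [ARGS...]
# Returns 2 if the user spec would leave the command running as root and 3 if
# proc is mounted inside the jail; otherwise GNU chroot drops to USER:GROUP
# before it executes COMMAND. MOUNTS may name an alternative mount table.
run_jailed() {
    jail=$1 spec=$2
    shift 2
    case ${spec%%:*} in
        ''|root|0) echo "run_jailed: refusing root user spec '$spec'" >&2; return 2 ;;
    esac
    found=$(proc_mounts_in_jail "$jail" "${MOUNTS:-/proc/self/mounts}") || return 3
    if [ -n "$found" ]; then
        echo "run_jailed: proc mounted inside jail: $found" >&2
        return 3
    fi
    chroot --userspec="$spec" "$jail" "$@"
}

# Constructed mount table: two proc mounts inside /srv/jail (one under a
# directory whose name contains a space) and two outside it.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda2 /srv/jail ext4 rw,relatime 0 0
proc /srv/jail/proc proc rw,relatime 0 0
proc /srv/jail/my\040app/proc proc rw,relatime 0 0
proc /srv/jail2/proc proc rw,relatime 0 0
EOF
}
```

The user check only catches the literal specs `root`, `0` and an empty user name; a wrapper used in production should resolve the name to a UID and compare that.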
