Greg Norris wrote: > Has anyone here has tried out chroot_safe[1]? Any comments on how well > it works, or how it compares security-wise to a normal chroot > environment? I have a couple of small apps (such as the Folding@Home > client) which I'd like to run chroot'd, and this beastie sounds like an > ideal way to go about it. > > For those of you aren't familiar, chroot_safe claims to chroot > dynamically linked applications without requiring all the libraries (and > other supporting files) to be present. Apparently this is done by > pre-linking (via a LD_PRELOAD stub), and then chrooting before the app > is actually started. I haven't read any of the code, but based on their documentation, so long as you trust the binary you're chrooting, it should be as safe as regular chroot. The paranoid part of me suspects that a malicious binary could run under chroot_safe and manage to avoid running chrooted, although it might have to find an exploit a hole in chroot_safe to do so. But as long as you trust the binary program you're chrooting, and are only concerned about its behavior when fed untrusted data or the like, after being chrooted, this seems like a perfectly safe and rather handy way to go about chrooting it. Oh and also, there's no reason a simple program without LD_PRELOAD magic couldn't automatically set up a chroot environment for a program to run in. -- see shy jo
Attachment:
signature.asc
Description: Digital signature