chroot_safe(1)		    General Commands Manual		chroot_safe(1)

NAME
       chroot_safe - Chroot dynamically linked applications in a sane and safe
       manner

SYNOPSIS
       chroot_safe user chroot_directory application [arguments...]

DESCRIPTION
       chroot_safe is a tool to chroot any application in a safe and sane
       manner without requiring binaries, shared libraries etc. within the
       chroot or any support from the application. Works with any dynamically
       linked application.

       Normally, when you chroot applications that have no native support for
       chroot, there are a number of obstacles to overcome:

       1.     The binary must be within the chroot jail

       2.     All libraries used by the binary must be within the chroot jail

       3.     chroot does not drop root privileges

       4.     su nobody -c does not chroot

       Shortcomings 3 & 4 can be addressed by writing a small tool replacing
       chroot, but you still have limitations 1 & 2.

       chroot_safe addresses all four of these shortcomings by instrumenting
       the application at runtime linking so that it performs a full chroot
       and drops all root privileges just after dynamic linking has completed
       but before the application as such is started. This is done via a small
       LD_PRELOAD stub and a shell wrapper giving instructions on how to
       chroot.
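
       The mechanism described above, sketched as an added example; it is not
       chroot_safe's own source. It assumes a library constructor as the hook
       and hypothetical JAIL_DIR, JAIL_UID and JAIL_GID environment variables
       set by the wrapper.

```c
/* Added illustration, not chroot_safe source. Build as a shared object:
 *   cc -shared -fPIC -o jailstub.so jailstub.c
 * JAIL_DIR, JAIL_UID and JAIL_GID are hypothetical variable names. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Parse a non-zero numeric id; returns 0 on success, -1 on junk or id 0. */
int parse_id(const char *s, unsigned long *out)
{
    char *end;
    if (s == NULL || *s < '0' || *s > '9')
        return -1;
    *out = strtoul(s, &end, 10);
    return (*end == '\0' && *out != 0) ? 0 : -1;
}

/* Enter the jail, then give up root. Order matters: chroot needs root,
 * and groups must be dropped before the uid or setgid would fail. */
int jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || dir[0] != '/' || uid == 0 || gid == 0)
        return -1;                      /* refuse before touching anything */
    if (chdir(dir) != 0 || chroot(".") != 0 || chdir("/") != 0)
        return -1;
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0)                 /* root must not be recoverable */
        return -1;
    return 0;
}

/* Runs once the dynamic linker has mapped every library, before main(). */
__attribute__((constructor)) static void jail_init(void)
{
    const char *dir = getenv("JAIL_DIR");
    unsigned long uid, gid;
    if (dir == NULL)
        return;                         /* not started through the wrapper */
    if (parse_id(getenv("JAIL_UID"), &uid) != 0 ||
        parse_id(getenv("JAIL_GID"), &gid) != 0 ||
        jail_and_drop(dir, (uid_t)uid, (gid_t)gid) != 0) {
        fprintf(stderr, "jailstub: cannot chroot, aborting\n");
        _exit(1);
    }
}
```

       Anything the application loads later by path, such as dlopen() plugins
       or NSS modules, is looked up inside the jail.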

EXAMPLES
       Here is a silly example demonstrating the power of this application:
       chroot "ls -l" to /tmp in a safe manner without needing to prepare
       anything in /tmp

	      chroot_safe nobody /tmp ls -l

       Note: This example does not work on FreeBSD or other platforms where ls
       is statically linked.

       You can also find a howto on chrooting an anonymous CVS server online
       at the chroot_safe website <http://chrootsafe.sourceforge.net/>

NOTES
       This application utilizes some shared library loading tricks to
       instrument the application with the required chroot hooks. Because of
       this it won't work on statically linked applications.

       If there is any problem chrooting the application an error message is
       printed on stderr, and execution of the application is terminated.

       Root privileges are required to chroot applications.

       For details on the inner workings see the comments in the source.

AUTHOR
       Henrik Nordstrom <hno@marasystems.com>

REPORTING BUGS
       Send bug fixes or improvements to the author

SEE ALSO
       chroot(8), su(1), http://chrootsafe.sourceforge.net/

1.4				  9 Apr	2005			chroot_safe(1)
