chroot_safe(1)		    General Commands Manual		chroot_safe(1)

NAME
       chroot_safe - Chroot dynamically	linked applications in a sane and safe
       manner

SYNOPSIS
       chroot_safe user	chroot_directory application [arguments...]

DESCRIPTION
       chroot_safe is a tool to chroot any application in a safe and sane
       manner without requiring binaries, shared libraries etc. within the
       chroot or any support from the application. It works with any
       dynamically linked application.

       Normally, when you chroot applications that have no native support for
       chroot, there are a number of obstacles to overcome:

       1.     The binary must be within	the chroot jail

       2.     All libraries used by the	binary must be within the chroot jail

       3.     chroot does not drop root	privileges

       4.     su nobody	-c does	not chroot

       Shortcomings 3 &	4 can be addressed by writing a	small  tool  replacing
       chroot, but you still have limitations 1	& 2.

       chroot_safe addresses all four of these shortcomings by instrumenting
       the application at runtime link time so that it performs a full chroot
       and drops all root privileges just after dynamic linking has completed
       but before the application itself is started. This is done via a small
       LD_PRELOAD stub and a shell wrapper that gives instructions on how to
       chroot.
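
       How a preload stub of the kind described above can chroot and drop
       privileges before the application's main() runs. This is an added
       example, not chroot_safe's own source; the JAIL_DEMO_* variable names
       and the function names are hypothetical, and a root-run wrapper is
       assumed to resolve the user to numeric ids and set LD_PRELOAD.

```c
/* Added illustration, not chroot_safe's source. cc -shared -fPIC -o jail.so jail.c */
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Parse a decimal id; reject empty input, signs, trailing junk, overflow and 0 (root). */
static int parse_id(const char *s, unsigned long *out)
{
    char *end;
    if (s == NULL || *s < '0' || *s > '9') return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v == 0 || v > 0x7fffffffUL) return -1;
    *out = v;
    return 0;
}

/* chroot into dir, then drop groups, gid and uid in that order. Returns 0 or -1. */
static int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || dir[0] != '/') return -1;        /* absolute path only */
    if (chroot(dir) != 0 || chdir("/") != 0) return -1; /* chdir closes the cwd escape */
    if (setgroups(0, NULL) != 0) return -1;  /* supplementary groups first */
    if (setgid(gid) != 0) return -1;         /* gid before uid: setgid needs root */
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1;           /* regaining root must fail */
    return 0;
}

/* Runs after dynamic linking has completed, before the preloaded program's main(). */
__attribute__((constructor)) static void jail_init(void)
{
    const char *dir = getenv("JAIL_DEMO_DIR");  /* hypothetical variable names */
    unsigned long uid, gid;
    if (dir == NULL) return;                    /* wrapper did not ask for a jail */
    if (parse_id(getenv("JAIL_DEMO_UID"), &uid) != 0 ||
        parse_id(getenv("JAIL_DEMO_GID"), &gid) != 0 ||
        enter_jail(dir, (uid_t)uid, (gid_t)gid) != 0) {
        fputs("jail: setup failed, not starting application\n", stderr);
        _exit(126);                             /* fail closed: never run unjailed */
    }
    unsetenv("LD_PRELOAD");  /* the stub's path does not exist inside the jail */
}
```

       With this sketch, a statically linked program never loads the stub and
       so would start unjailed, which is the limitation the NOTES section
       describes.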

EXAMPLES
       Here is a silly example demonstrating the power of this application:
       chroot "ls -l" to /tmp in a safe manner without needing to prepare
       anything in /tmp.

	      chroot_safe nobody /tmp ls -l

       Note: This example does not work	on FreeBSD or other platforms where ls
       is statically linked.

       You can also find a howto on chrooting an anonymous CVS server online
       at the chroot_safe website <http://chrootsafe.sourceforge.net/>.

NOTES
       This application utilizes some shared library loading tricks to
       instrument the application with the required chroot hooks. Because of
       this, it won't work on statically linked applications.

       If there is any problem chrooting the application, an error message is
       printed on stderr and execution of the application is terminated.

       Root privileges are required to chroot applications.

       For details on the inner	workings see the comments in the source.

AUTHOR
       Henrik Nordstrom <hno@marasystems.com>

REPORTING BUGS
       Send bug fixes or improvements to the author.

SEE ALSO
       chroot(8), su(1), http://chrootsafe.sourceforge.net/

1.4				  9 Apr	2005			chroot_safe(1)
