chroot (change root) is a command which runs another command with a given directory redefined as the root directory. While useful for many purposes, it is most often referred to in its use as a security method, whereby a service or command is run with a root directory other than the one it would normally use. The advantage of this technique is that the service runs in a "chroot jail" which is kept separate from important system files such as the /etc directory, and from any other sensitive files on the system. This technique is used in conjunction with running the service or command under a user account that has the minimum privileges it needs.
For instance, a chrooted named will run in /var/named/ as the local (minimally privileged) user "named", rather than in the traditional /etc/named as user root. If the named server is compromised by a cracker or a worm, the only files that are compromised are those within /var/named (named's "new root"), since the named service cannot see outside this chroot jail and the named user has no privileges on any other system files.
Note that it may still be possible to break out of a chroot environment using various techniques. One example is creating a device node (with mknod) for the hard drive inside the chroot and editing it. Another is manipulating network traffic to and from the machine. Yet another is manipulating the kernel, either directly or by loading modules. All of these need privileges inside the jail, which is why chroot is only effective when the confined process also drops root as described above.
To prevent breaking out of a chroot jail using mknod or similar, mount the filesystem that holds the chroot with the option "nodev", so that device nodes created inside it cannot be used. Making a small loopback filesystem or partition for a chroot jail for this purpose is fairly simple.
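The "nodev" advice above is easy to get wrong when the jail lives on a filesystem that is not the one you think it is. The following script is an added example (not part of the original page): it resolves which mount covers a jail directory, exactly as the kernel does (longest matching mount point), and reports whether nodev and nosuid are set there. It reads /proc/mounts-format data; the SAMPLE_MOUNTS block and the jail paths /srv/jail and /var/named/chroot are constructed for the example, and when no sample is passed the functions read the live /proc/mounts.

```shell
#!/bin/sh
# Added example: verify that the filesystem holding a chroot jail is mounted
# with nodev (and nosuid), reading /proc/mounts-format data.
# Each /proc/mounts line is: device mountpoint fstype options dump pass.

# Constructed sample standing in for a real /proc/mounts.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/loop0 /srv/jail ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /var/named ext4 rw,relatime 0 0'

# mount_point_for DIR MOUNTS_TEXT: print the mount point that covers DIR,
# i.e. the longest mount point that is a prefix of DIR.
mount_point_for() {
    printf '%s\n' "$2" | awk -v d="$1" '
        {
            mp = $2
            # mp covers d if they are equal, if mp is "/" (covers everything),
            # or if d starts with mp followed by a "/".
            if (d == mp || mp == "/" || index(d, mp "/") == 1) {
                if (length(mp) > length(best)) best = mp
            }
        }
        END { print best }'
}

# mount_options_for MOUNTPOINT MOUNTS_TEXT: print the option field for MOUNTPOINT.
mount_options_for() {
    printf '%s\n' "$2" | awk -v mp="$1" '$2 == mp { print $4; exit }'
}

# has_mount_option DIR OPTION [MOUNTS_TEXT]: exit 0 if OPTION is set on the
# filesystem that holds DIR. MOUNTS_TEXT defaults to the live /proc/mounts.
has_mount_option() {
    dir=$1; opt=$2
    mounts=${3:-"$(cat /proc/mounts)"}
    mp=$(mount_point_for "$dir" "$mounts")
    [ -n "$mp" ] || return 2
    opts=$(mount_options_for "$mp" "$mounts")
    case ",$opts," in
        *",$opt,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_jail DIR [MOUNTS_TEXT]: report nodev/nosuid status for a jail directory.
check_jail() {
    for o in nodev nosuid; do
        if has_mount_option "$1" "$o" "$2"; then
            echo "$1: $o set"
        else
            echo "$1: WARNING $o missing (device nodes created with mknod inside the jail would be usable)"
        fi
    done
}

# Constructed jail paths: the first sits on the nodev loopback mount,
# the second on a plain ext4 partition without nodev.
check_jail /srv/jail/var/named "$SAMPLE_MOUNTS"
check_jail /var/named/chroot "$SAMPLE_MOUNTS"
```

Run it as `sh check_jail.sh` to see both the passing and the failing case on the sample; call `check_jail /path/to/jail` with no second argument to check the real system. The longest-prefix match matters: a jail under /srv/jail is covered by the loopback mount, while one under /var/named is not, even though both have "nodev" on some ancestor.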
Although Apache can be chrooted like any other service, there is a simple Apache module, "mod_chroot", which chroots Apache automatically once a single line is added to /etc/httpd.conf.
BIND is one of the more notorious applications with regard to computer security. It is a good candidate for running inside a chroot jail, since once it has started it does not need to access any part of the machine apart from its own files.
Some FTP daemons support chroot natively, simply by including "." (current directory) in the path of the user's home directory in /etc/passwd.
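The services above all need the same groundwork: a directory tree containing only the program, the shared libraries it loads, and the handful of files it must read, entered with root dropped immediately afterwards. The script below is an added example (not taken from the page, nor from BIND, Apache or any FTP daemon) that builds such a minimal jail for a dynamically linked program and shows the invocation that enters it as an unprivileged user. It assumes a GNU coreutils `chroot` (for `--userspec`) and an `ldd` that prints library paths; the "jailed" account and the scratch directory are constructed for the example.

```shell
#!/bin/sh
# Added example: build a minimal chroot jail for one program and start it
# there as an unprivileged user. /srv/jail-style paths and the "jailed"
# account are assumptions for the example.

# copy_into_jail JAIL PATH: copy the file PATH to the same location under JAIL,
# following symlinks so the jail holds the real file rather than a dangling link.
copy_into_jail() {
    jail=$1; path=$2
    mkdir -p "$jail$(dirname "$path")"
    cp -L "$path" "$jail$path"
}

# libs_of BINARY: print absolute paths of the shared objects BINARY needs, as
# reported by ldd (the dynamic loader appears on its own line without "=>").
libs_of() {
    command -v ldd >/dev/null 2>&1 || return 0    # no ldd: nothing to copy
    ldd "$1" 2>/dev/null | awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^\//) print $i }'
}

# build_jail JAIL BINARY...: create JAIL holding the given binaries, their
# libraries, a world-writable /tmp and a minimal /etc/passwd. No device nodes
# are created; the filesystem under JAIL should also be mounted nodev.
build_jail() {
    jail=$1; shift
    mkdir -p "$jail/dev" "$jail/etc" "$jail/tmp"
    chmod 1777 "$jail/tmp"
    for bin in "$@"; do
        copy_into_jail "$jail" "$bin"
        for lib in $(libs_of "$bin"); do
            copy_into_jail "$jail" "$lib"
        done
    done
    # Minimal passwd so the jailed program can resolve its own uid (constructed).
    printf 'root:x:0:0:root:/:/bin/sh\njailed:x:65534:65534:jailed:/:/bin/sh\n' \
        > "$jail/etc/passwd"
}

# run_in_jail JAIL USER CMD...: enter the jail and drop privileges in one step.
# chroot(2) needs root, so the uid/gid switch happens right after entering;
# --userspec is the GNU coreutils chroot option for that.
run_in_jail() {
    jail=$1; user=$2; shift 2
    [ "$(id -u)" -eq 0 ] || { echo "run_in_jail: must be root" >&2; return 1; }
    chroot --userspec="$user:$user" "$jail" "$@"
}

# Demonstration against a scratch directory (constructed, not a real service jail).
JAIL=${JAIL:-$(mktemp -d)}
build_jail "$JAIL" /bin/sh
echo "jail built in $JAIL, containing:"
find "$JAIL" -type f | sed "s|^$JAIL||"
# As root, this would start a shell confined to the jail as the unprivileged user:
#   run_in_jail "$JAIL" jailed /bin/sh -c 'ls /'
```

The listing printed at the end is the whole attack surface the jailed program can see: if a library, configuration file or device node is not in it, the program cannot open it. Keep the jail on its own nodev filesystem and re-run `build_jail` after upgrading the program, since the copied libraries do not receive package updates.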
These all relate to running commands in an altered context, as chroot does:
- env - Run with changed environment variables.
- nice - Run with changed scheduling priority.
- nohup - Protect from hangups (modem) or network outages.
- stdbuf - Change the buffering of the standard I/O streams.
- su - Run as a different user.
- timeout - Limit the running time.
- gdb - Run under the control of a debugger.
- script - Capture all program output.
- valgrind - Validate program behaviour (memory errors and leaks).
- strace - Create a log of system calls.