Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

chroot_safe(1)							chroot_safe(1)

NAME
       chroot_safe - Chroot dynamically linked applications in a sane and safe
       manner

SYNOPSIS
       chroot_safe user chroot_directory application [arguments...]

DESCRIPTION
       chroot_safe is a tool to chroot any application in a safe and sane man‐
       ner  without  requring binaries, shared libraries etc within the chroot
       or any support from the application. Works with any dynamically	linked
       application.

       Normally	 when  you  chroot  applications not having native support for
       chroot there is a number of obstacles to overcome

       1.     The binary must be within the chroot jail

       2.     All libraries used by the binary must be within the chroot jail

       3.     chroot does not drop root privileges

       4.     su nobody -c does not chroot

       Shortcomings 3 & 4 can be addressed by writing a small  tool  replacing
       chroot, but you still have limitations 1 & 2.

       chroot_safe  addresses  all  four  of  these shortcomings by at runtime
       linking instrument the application to perform a full  chroot  and  drop
       all root privileges just after dynamic linking has completed but before
       the application as such is started. This is done via a small LD_PRELOAD
       stub and a shell wrapper giving instructions on how to chroot.

EXAMPLES
       Here  is	 a  silly example demonstrating the power of this application:
       chroot "ls -l" to /tmp in a safe manner without needing to prepare any‐
       thing in /tmp

	      chroot_safe nobody /tmp ls -l

       Note: This example does not work on FreeBSD or other platforms where ls
       is statically linked.

       You can also find a howto chroot an anonymous CVS server online at  the
       chroot_safe website ⟨http://chrootsafe.sourceforge.net/⟩

NOTES
       This application utilizes some shared library loading tricks to instru‐
       ment the application with the required chroot hooks. Because of this it
       won't work on statically linked applications.

       If  there  is any problem chrooting the application an error message is
       printed on stderr, and execution of the application is terminated.

       Root privileges are required to chroot applications.

       For details on the inner workings see the comments in the source.

AUTHOR
       Henrik Nordstrom <hno@marasystems.com>

REPORTING BUGS
       Send bug fixes or improvements to the author

SEE ALSO
       chroot(8), su(1), http://chrootsafe.sourceforge.net/

1.4				  9 Apr 2005			chroot_safe(1)

Vote for polarhome