Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How to jail a process?
Special Forums Cybersecurity How to jail a process? Post 302815189 by bakunin on Friday 31st of May 2013 06:33:47 AM
Old 05-31-2013
hmm, this is exactly what a "chroot" environment is for. Notice, that you do not have to put every binary there, just the absolute minimum. If there is no shell you do not need to deny access to it. Further, you put only copies of these binaries there, not the real ones. If a process manages to compromise these it is still jailed in its - now compromised - chroot environment.

I hope this helps.

bakunin
 

7 More Discussions You Might Find Interesting

1. Linux

how can i jail a user?

I created a user useradd -d /disk2/ftpfiles me How would i beable to jail me so he could not move arround my file system? (4 Replies)
Discussion started by: byblyk
4 Replies

2. UNIX for Advanced & Expert Users

FBSD jail question

I'm trying to establish a jail on a FBSD 6.1 system and have a couple of questions on bringing up the daemon. Under the jail man page there are two user flags that I am unclear on, -u username The user name from host environment as whom the command should run. -U... (1 Reply)
Discussion started by: thumper
1 Replies

3. What is on Your Mind?

Should Paris Hilton be in Jail?

Enough of boring techie topics!! Vote on Paris Hilton and her jail time!! What do you think? (9 Replies)
Discussion started by: Neo
9 Replies

4. UNIX for Dummies Questions & Answers

How to start a chroot jail?

I was reading an article on how it is very important to setup a chroot jail to run bind. I can follow what the article says but one thing I am unclear about is now on system boot the BIND process in the chroot jail will start since it the owner will no longer be root but some other user. Can... (1 Reply)
Discussion started by: mojoman
1 Replies

5. Solaris

How to Jail ftp user

Hi Gurus, I am creating a user for ftp only on Solaris 10. However while testing I can see user can reach to root directory. I followed following while creating the user 1 Created a shell in /usr/bin/ftponly as chmod a+x to ftponly 2 Placed the entry in /etc/shells ... (2 Replies)
Discussion started by: kumarmani
2 Replies

6. UNIX for Advanced & Expert Users

ssh jail user

I have a developer that needs ssh access to a server to get to a specific directory. I want to restrict them to that directory. I've tried to set their shell as rksh which does jail them but only if they are using ssh from another unix system. If they are using putty or winscp they can still... (2 Replies)
Discussion started by: toor13
2 Replies

7. Cybersecurity

How to jail a process in his repertory ?

Hi all, I want to jail a process in his folder, so he can't have any link with a parent folder. Ex. If i'm a hacker, and I can upload my script & and I can start it, i'll could go to ../, /etc/passwd, etc.. So what I did is to chroot the process : I copied all libraries used by the... (1 Reply)
Discussion started by: Deb.I.am
1 Replies

LEARN ABOUT OPENSOLARIS

chroot

chroot(1M)						  System Administration Commands						chroot(1M)

NAME

       chroot - change root directory for a command

SYNOPSIS

       /usr/sbin/chroot newroot command

DESCRIPTION

       The  chroot  utility causes command to be executed relative to newroot. The meaning of any initial slashes (/) in the path names is changed
       to newroot for command and any of its child processes. Upon execution, the initial working directory is newroot.

       Notice that redirecting the output of command to a file,

	 chroot newroot command >x

       will create the file x relative to the original root of command, not the new one.

       The new root path name is always relative to the current root. Even if a chroot is currently in effect, the newroot argument is relative to
       the current root of the running process.

       This command can be run only by the super-user.

RETURN VALUES

       The exit status of chroot is the return value of command.

EXAMPLES

       Example 1 Using the chroot Utility

       The  chroot  utility  provides an easy way to extract tar files (see tar(1)) written with absolute filenames to a different location. It is
       necessary to copy the shared libraries used by tar (see ldd(1)) to the newroot filesystem.

	 example# mkdir /tmp/lib; cd /lib
	 example# cp ld.so.1 libc.so.1 libcmd.so.1 libdl.so.1 
		  libsec.so.1 /tmp/lib
	 example# cp /usr/bin/tar /tmp
	 example# dd if=/dev/rmt/0 | chroot /tmp tar xvf -

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       cd(1), tar(1), chroot(2), ttyname(3C), attributes(5)

NOTES

       Exercise extreme caution when referencing device files in the new root file system.

       References by routines such as ttyname(3C) to stdin, stdout, and stderr will find that the device associated with the  file  descriptor	is
       unknown after chroot is run.

SunOS 5.11							    15 Dec 2003 							chroot(1M)
All times are GMT -4. The time now is 10:38 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy