473,406 Members | 2,698 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > python > questions > exit from os.chroot()

Join Bytes to post your question to a community of 473,406 software developers and data experts.

Exit from os.chroot()

Hello! I'm writing a small script and I need to call the os.chroot function. The problem is, a few lines below I need to call a program in /usr/bin. Is there a way to exit from the chroot, or to limit the chroot to a single function or thread?
Thanks in advance

Jun 27 '08 #1
4 3326
support.intranet wrote:
Hello! I'm writing a small script and I need to call the
os.chroot function. The problem is, a few lines below I need to
call a program in /usr/bin. Is there a way to exit from the
chroot, or to limit the chroot to a single function or thread?
Thanks in advance
No, chroot applies to the whole process and once applied it can't
be reverted. Otherwise the whole idea of chroot being a FS jail
would not work.

So you need some programs in your chroot: Then put a directory
usr/bin into the chroot directory and bind the system's /usr/bin
there:

mount --bind /usr/bin $chroot/usr/bin

The same has to be done with all library stuff. Another option
would be to place a statically linked busybox and it's
subprogram links into the chroot

Wolfgang Draxinger
--
E-Mail address works, Jabber: he******@jabber.org, ICQ: 134682867

Jun 27 '08 #2
On 4 Giu, 17:08, Wolfgang Draxinger <wdraxin...@darkstargames.de>
wrote:
support.intranet wrote:
Hello! I'm writing a small script and I need to call the
os.chroot function. The problem is, a few lines below I need to
call a program in /usr/bin. Is there a way to exit from the
chroot, or to limit the chroot to a single function or thread?
Thanks in advance

No, chroot applies to the whole process and once applied it can't
be reverted. Otherwise the whole idea of chroot being a FS jail
would not work.

So you need some programs in your chroot: Then put a directory
usr/bin into the chroot directory and bind the system's /usr/bin
there:

mount --bind /usr/bin $chroot/usr/bin

The same has to be done with all library stuff. Another option
would be to place a statically linked busybox and it's
subprogram links into the chroot

Wolfgang Draxinger
--
E-Mail address works, Jabber: hexar...@jabber.org, ICQ: 134682867
Thanks! I'll try the bind way
Jun 27 '08 #3
>So you need some programs in your chroot: Then put a directory
usr/bin into the chroot directory and bind the system's /usr/bin
there:
>mount --bind /usr/bin $chroot/usr/bin
It is better to make copies of the needed binaries and libraries,
and *only* them.
Or symbolic links, of course. Also, wouldn't links prevent
the process from puffing actual binaries in /usr/bin?
** Posted from http://www.teranews.com **
Jun 27 '08 #4
Thomas Bellman wrote:
That might not be the best idea... Suddenly the chroot:ed
program has access to the real /usr/bin; and since it likely is
running as root (it was allowed to call chroot()), it can do bad
things to the things in /usr/bin.
If a chrooted process is running as root, it can very easily break out
of the chroot anyway. So...
Also remember, a chroot:ing process should permanently relinquish
its privileges as soon as possible after chroot:ing. There are
way too many fun things a root-running process can do even when
chroot:ed, like creating device files or setuid binaries.
....this is imperative.
All this is of course assuming that the chroot is done for
security reasons.
But here's something that might be interesting:

http://kerneltrap.org/Linux/Abusing_chroot

Short story: chroot is not and never has been a security tool.

-- Remy

Jun 27 '08 #5
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
PHP mail() function in chroot
by: Andy | last post by:
On my webserver the web components are seperated into a chroot jail so it cannot access any of the mail (courier-mta) components. Does anyone know of a way to change how mail() functions? i.e....
PHP
0
chroot like function
by: SuicidalLabRat | last post by:
Is it Possable to build a chroot() like function using the abID and ITEMIDLIST structures, wherein the context in which a process runs ( this includes boundries to inter process communication...
.NET Framework
0
mysql + chroot = CRASH
by: alchimista | last post by:
hi, I've succesfully installed mysql on linux 2.4.x (TRUSTIX), I've tried to move it on my chroot jail but after 10s it crashes with the following message: --- cut here---- 040602 18:22:21 ...
MySQL Database
1
Application.Exit() fails
by: Guinness Mann | last post by:
Pardon me if this is not the optimum newsgroup for this post, but it's the only .NET newsgroup I read and I'm certain someone here can help me. I have a C# program that checks for an error...
.NET Framework
4
Application Exit
by: Bob Day | last post by:
Using VS 2003, VB.net... I am confused about the Application.Exit method, where the help states "This method does not force the application to exit." Aside from the naming confusion, how do I...
Visual Basic .NET
2
os.execve(pth,args,env) and os.chroot(pth) = problems
by: goodnamesalltaken | last post by:
Hello fellow python users, I've been working on a basic implementation of a privilege separated web server, and I've goto the point of running a basic cgi script. Basically when the execCGI...
Python
1
Application.Exit() vs Environmrnt.Exit(0)
by: =?Utf-8?B?VGFvZ2U=?= | last post by:
Hi All, When I use applcation.exit() in winForm application, the form closed, but the process is still going!! ( The debug process is still running if debug in VS IDE). Environment.Exit(0) works...
C# / C Sharp
12
Chroot Jail Not Secure for Sandboxing Python?
by: gregpinero | last post by:
This wiki page suggests using a chroot jail to sandbox Python, but wouldn't running something like this in your sandboxed Python instance still break you out of the chroot jail: os.execle...
Python
39
catching exit
by: mathieu | last post by:
Hi there, I am trying to reuse a piece of code that was designed as an application. The code is covered with 'exit' calls. I would like to reuse it as a library. For that I renamed the 'main'...
C / C++
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!