Is chroot a Security Feature?

chroot stands for change root and is a function on Unix systems to change the root directory. It only affects the current process and its child processes. “chroot” itself can refer to both the chroot system call and the chroot utility. A program that has been “rooted” to a directory and has no open file descriptors outside the root virtual directory will no longer be able to access files outside that directory (if the kernel is implemented correctly). chroot provides an easy way to sandbox untrustworthy, test, or otherwise dangerous programs. It is a simple jail mechanism, but it can be easily broken out again. chroot was not designed as a security feature, but was primarily used to set up virtual environments. In practice, chrooting is complicated by the fact that programs expect to find space for temporary files, configuration files, device files, and program libraries in certain fixed locations at startup. To run these programs within the chroot directory, the directory must be equipped with these necessary files. Only the root user can chroot.

Is Security feature?

Whether chroot environments are a security feature to isolate individual computer programs from the entire computer depends strongly on the view of the creators of the respective operating system. On Linux, chroot is not called a security feature. How the root user can exit a chroot environment is documented on the man page.

Since most Unix systems do not completely file system-oriented, potentially dangerous functionalities such as network and process control through system calls remain available to a chrooted program. The chroot mechanism itself also imposes no restrictions on resources such as I/O bandwidth, disk space, or CPU time.

A chroot can be used as a precautionary measure against a security breach by preventing a potential attacker from using a compromised program to cause damage or probe the system. For example, a file server on the network can chroot the directory from which it serves a client immediately after connecting. A similar approach is followed by the mail transfer agent Postfix, which divides its task into several small, daisy-chained programs, each running in its own chroots. chroot is also a good use for FTP servers so that FTP users cannot change from their “home” directory to another directory.

A chroot directory can be populated to simulate a real system with network services. The chroot mechanism can then prevent attackers from detecting that they are in an artificial environment. The isolation achieved by the chroot mechanism is also useful for testing purposes. In such a directory, a separate copy of the operating system can be installed and serve as a test environment for software whose use in a production system would be too risky.

To repair a Linux/Unix system using a boot CD, chroot can be used to work on the mounted system. For example, a forgotten root password can be recovered. Details of which are described on chroot Command Example and Usages.