How to jail a process in its directory?

Hi all,

I want to jail a process in its folder, so it can't have any link with a parent folder.

E.g., if I'm a hacker and I can upload my script and start it, I could go to ../, /etc/passwd, etc.

So what I did was chroot the process:

I copied all the libraries used by the process into its directory, and then I did:

chroot /repertory/to/process ./myprocess

But... my process can still view parent folders...

How can I do it?

Thank you very much, and sorry for my bad English :)

You cannot chroot a process, you chroot jail a user account.

Create a user that has a home directory: /repertory/to/process, so /repertory is really / for that user.

There are guides for how to do this - most examples use ssh user accounts - here is an example:
Building a Secure User Environment with SSH ChRoot
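
The steps from the question (copy the program's libraries into the directory, then chroot into it), written out as a script; this is an added example, not code from either poster. It also drops to an unprivileged user before starting the program, because a process that stays root inside a chroot is not confined by it. The function names, the jail path and the uid:gid in the usage comment are assumptions; `--userspec` is the GNU coreutils `chroot` option.

```sh
#!/bin/sh
# Added example: build a minimal chroot for one binary and start it unprivileged.
# Function names, paths and ids are illustrative, not from the original thread.

# Read `ldd` output on stdin and print one absolute library path per line.
# Handles "name => /path (0x...)" and the bare "/path (0x...)" loader line;
# skips the kernel-provided vdso and "=> not found" entries.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Copy the binary (absolute path) and every library it needs into the jail,
# keeping the same absolute paths so the dynamic loader finds them after
# the root directory has changed. cp -L copies symlink targets, not links.
build_jail() {
    jail=$1; bin=$2
    { printf '%s\n' "$bin"; ldd "$bin" | ldd_paths; } |
    while IFS= read -r f; do
        mkdir -p "$jail$(dirname "$f")" && cp -L "$f" "$jail$f" || return 1
    done
}

# Start the program with / set to the jail. Must be called as root, since
# chroot(2) needs privilege; --userspec switches to the given user:group
# before the program is executed, so the jailed process itself is not root.
run_jailed() {
    jail=$1; userspec=$2; shift 2
    chroot --userspec="$userspec" "$jail" "$@"
}

# Usage, as root (jail path and uid:gid are placeholders):
#   build_jail /srv/jail /usr/local/bin/myprocess
#   run_jailed /srv/jail 1001:1001 /usr/local/bin/myprocess
```

Anything the program opens at run time (configuration files, device nodes, name-service libraries) is not reported by `ldd` and has to be added to the jail separately.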