Reputation: 28861
I wish to run some untrusted code using chroot.
However, many claim that chroot is not a security feature and can easily be broken out of.
Therefore my question is: how do apps like https://ideone.com/ manage to run untrusted code quickly and securely? Also, if chroot can be broken out of, couldn't it be possible to break out of chroot in https://ideone.com/?
Upvotes: 1
Views: 224
Reputation: 1208
I'm not sure what untrusted code you're referring to, but chroot just changes the apparent file structure -- theoretically you can't see above a certain level. But symbolic links can still work so if your chrooted directory has a symlink to a directory above, chroot doesn't do you any good.
It's also possible for applications to get access to resources through other applications. Some clever hackers know how to exploit running apps, but if you set up the ideone environment as root, well, anything is possible.
More theoretically, you could install a master application that has full access to the file system. Then you run code in a chrooted environment. If that master app is running and listening it can relay resources to your chrooted application.
Quickly? Sure... Securely... well... with my example the master app is a gatekeeper but it's still security through trust of the master app.
Upvotes: 1
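An added example, not part of either post: a host-side audit of a directory before it is used as a chroot, covering the setup concerns raised in the answer (symlinks leading out of the tree, content installed by root). The check names and the sample tree are constructed for illustration. The symlink check resolves paths the way a non-chrooted host process would, such as a "master app" that opens files under the jail directory.

```python
import os, stat, tempfile

def audit_jail(jail):
    """Return sorted (kind, relative_path) findings for a directory meant to be a chroot."""
    jail = os.path.realpath(jail)
    findings = []
    for dirpath, dirnames, filenames in os.walk(jail, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, jail)
            mode = os.lstat(path).st_mode  # lstat: inspect the link, not its target
            if stat.S_ISLNK(mode):
                # Resolved from the host (not chrooted), where does this link end up?
                target = os.path.realpath(path)
                if os.path.commonpath([jail, target]) != jail:
                    findings.append(("symlink-escapes-on-host", rel))
            elif stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
                # Device nodes give direct access to disks or memory.
                findings.append(("device-node", rel))
            elif stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                # A setuid binary hands jailed code a path back to elevated privileges.
                findings.append(("setuid-or-setgid", rel))
            elif stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                findings.append(("world-writable-dir", rel))
    return sorted(findings)

def build_demo_jail():
    """Constructed sample tree; every name in it is made up for this example."""
    jail = tempfile.mkdtemp(prefix="jail-")
    os.makedirs(os.path.join(jail, "bin"))
    os.makedirs(os.path.join(jail, "lib"))
    os.mkdir(os.path.join(jail, "scratch"))
    os.chmod(os.path.join(jail, "scratch"), 0o777)       # world-writable, no sticky bit
    helper = os.path.join(jail, "bin", "helper")
    open(helper, "w").close()
    os.chmod(helper, 0o4755)                             # setuid bit set
    os.symlink("/etc", os.path.join(jail, "host_etc"))   # leaves the tree on the host
    os.symlink("lib", os.path.join(jail, "lib64"))       # stays inside: not reported
    return jail

if __name__ == "__main__":
    for kind, rel in audit_jail(build_demo_jail()):
        print(f"{kind:26} {rel}")
```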