Discussion in 'all things UNIX' started by tsec, Aug 4, 2009.
(From the chroot entry @ wikipedia).
Is chroot then the Linux equivalent of a sandbox?
In a nutshell, yes. It's a great thing. To such extent that some services won't run if not chrooted. For example, bind9 on centos requires chrooted environment to run.
Critical to properly deploying a minimal-escalation-risk environment for critical services.
So is it possible to use chroot in the same way that SandboxIE is used in Windows? That is, to run, for instance, a browser in it and then, at closing the browsing session, to have the option of saving any files etc.?
First, your user session is already a sort of sandbox. You can't save files anywhere when you run Firefox on Linux, only your home dir and maybe a few select locations, so there you go.
Yeah but that doesn't protect your personal data, which is probably also stored in the home dir, from e.g. a file infector.
Fortunately, most major distros use Mandatory Access Control systems such as SELinux and AppArmor. These are more like SBIE in functionality - programs launched by a user won't necessarily have that user's full rights.
For the full list of MAC systems...
- SMACK (Simplified MAC Kernel): I don't think anything uses this. Its main advantage over the others is its simplicity, which means that, although it may be less secure in theory, it's also less likely to be misconfigured or to contain really stupid bugs.
- SELinux: in the mainline kernel, used by default on Fedora, Red Hat, and distros derived from those, and optional (if a bit buggy) on Debian. Capable of ridiculous security levels but complicated to configure.
- AppArmor: used in OpenSuSE (you have to turn it on) and Ubuntu (on by default IIRC). Oh yeah, and PCLinuxOS (but I wouldn't bother with PCLOS because it's buggy and sucks).
- Tomoyo: used by Mandriva. Not sure what its advantages are.
- RSBAC: used to be used by Mandriva, not sure if anyone uses it now.
- grSecurity: used by CAOS, NetSecL, and maybe a few others. Largely useless on desktops, as many applications will simply not run under it. Very secure though.
There's also PaX, a set of kernel patches designed to block buffer overflows and similar vulnerabilities. I think Gentoo's hardened kernel uses that, and most "secure" distros (e.g. Annvix). Again, some applications will refuse to run with a PaX kernel.
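As an added illustration of the point made above about MAC (not code from this thread or from any distro's shipped profiles), here is a minimal AppArmor profile that confines a browser so it can read and write only its own profile directory and ~/Downloads, even though the user who launched it owns the whole home directory. The binary path /usr/lib/firefox/firefox and the set of abstractions are assumptions; adjust them to the distro.

```apparmor
# Added example, not from the thread. Assumes Firefox lives at
# /usr/lib/firefox/firefox and that the standard AppArmor
# abstractions and tunables are installed.
#include <tunables/global>

/usr/lib/firefox/firefox {
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>

  # The program and its bundled libraries, read and map only
  /usr/lib/firefox/** mr,

  # Profile and cache: the only dot-directories in $HOME it may change
  owner @{HOME}/.mozilla/** rwk,
  owner @{HOME}/.cache/mozilla/** rwk,

  # The one place saved downloads may land
  owner @{HOME}/Downloads/** rw,

  # Anything under $HOME not listed is already unreachable; these
  # explicit denies additionally log any attempt and override
  # permissions that an included abstraction might grant
  deny @{HOME}/.ssh/** rwkl,
  deny @{HOME}/.gnupg/** rwkl,
  deny @{HOME}/Documents/** w,

  # Ordinary TCP/UDP sockets only
  network inet stream,
  network inet dgram,
  network inet6 stream,
  network inet6 dgram,
}
```

Save it under /etc/apparmor.d/, load it with `apparmor_parser -r`, and run it in complain mode (`aa-complain`) first to see in the audit log which extra paths the browser actually needs before switching to enforce.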
Wiki article for TOMOYO: http://en.wikipedia.org/wiki/TOMOYO_Linux