How do I chroot CGI scripts?

When you chroot a CGI script, there is absolutely no way it can access files outside the chroot 'jail' you limit it to. This has security benefits, but it also means that it cannot access any libraries or configuration files that are outside of this jail directory.

Here is an example directory structure required for chrooting. In this example, an ISP has all of its web sites under /web, with the docroots being /web/docroot/www.foo.com and /web/docroot/www.bar.com. The ISP has decided to chroot all CGIs into a chroot jail of "/web".

The first thing the ISP needs to do is to copy across the essential libraries. On RHEL 4, the following directory structure contains enough of the core libraries to get a simple CGI script to run.


/web/bin:
cat  echo  hostname  id  sh

/web/lib:
ld-linux.so.2  libc.so.6  libdl.so.2  libtermcap.so.2

Note that if you use languages like Perl for CGIs, you'll need to copy across all the Perl binaries and libraries into the chrooted jail.
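
One way to work out which libraries a binary needs instead of picking them by hand, as an added example (not part of the original article or of any Zeus tooling). The function names ldd_paths, copy_into_jail and jail_add are hypothetical, and ldd is assumed to be available on the host.

```shell
#!/bin/sh
# Added example: populate a chroot jail with a binary and the shared
# libraries it is linked against. Function names are hypothetical.
JAIL="${JAIL:-/web}"   # jail root used in the article

# Read ldd output on stdin and print the absolute library paths in it.
# Handles "libc.so.6 => /lib/libc.so.6 (0x...)" and
# "/lib/ld-linux.so.2 (0x...)"; skips virtual entries such as
# linux-gate.so.1 and "not found" lines, which have no path to copy.
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }' | sort -u
}

# Copy one file to the same path under the jail, e.g.
# /lib/libc.so.6 -> /web/lib/libc.so.6. -L follows symlinks so the
# real file lands in the jail rather than a dangling link.
copy_into_jail() {
    src=$1; jail=$2
    mkdir -p "$jail$(dirname "$src")" && cp -L "$src" "$jail$src"
}

# Copy a binary plus every library ldd reports for it.
# Usage: jail_add /bin/cat /web
jail_add() {
    bin=$1; jail=${2:-$JAIL}
    copy_into_jail "$bin" "$jail" || return 1
    ldd "$bin" 2>/dev/null | ldd_paths | while read -r lib; do
        copy_into_jail "$lib" "$jail" || exit 1
    done
}
```

ldd only reports libraries linked into the binary, so for an interpreter such as Perl the module directories it loads at run time still have to be copied separately.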

Content Manager [Administrator] 15 June 2006
www.zeus.com