What is Chroot-Jail

A chroot (change root) is a Unix operation that changes the apparent root directory to the one specified by the user.

Any process you run after a chroot operation only has access to the newly defined root directory and its subdirectories. This operation is known as a chroot jail since these processes cannot read or write outside the new root directory.

A chroot environment can be used to create and host a separate virtualized copy of the software system. This can be useful for creating a test environment in the chroot for software that would otherwise be too risky to deploy on a production system, and software can be developed, built and tested in a chroot populated only with its expected dependencies. This can prevent some kinds of linkage skew that can result from developers building projects with different sets of program libraries installed.

How to Create the Chroot Jail:

Follow these steps:

1- Create a new directory which we’re going to name it “chroot_jail”

We can’t change root to it just yet as we need to copy some commands and their associated libraries into the “choot_jail” directory like “bash” and “ls”.

2- Create a subdirectory inside the “choot_jail” :

“mkdir -p chroot_jail/bin chroot_jail/lib64/x86_64-linux-gnu chroot_jail/lib/x86_64-linux-gnu”

3- copy the “bash” and “ls” commands files

Also, we need to copy their dependencies so we’re going to use “ldd”

Now we copy there into the directories we just created in the “choot_jail” directory:

cp /lib/x86_64-linux-gnu/libtinfo.so.6 chroot_jail/lib/x86_64-linux-gnu/

cp /lib/x86_64-linux-gnu/libdl.so.2 chroot_jail/lib/x86_64-linux-gnu/

cp /lib/x86_64-linux-gnu/libc.so.6 chroot_jail/lib/x86_64-linux-gnu/

cp /lib64/ld-linux-x86-64.so.2 chroot_jail/lib64/

4- Now for the “ls” command we do the same previous step:

cp /lib/x86_64-linux-gnu/libselinux.so.1 chroot_jail/lib/x86_64-linux-gnu/

cp /lib/x86_64-linux-gnu/libc.so.6 chroot_jail/lib/x86_64-linux-gnu/

cp /lib/x86_64-linux-gnu/libpcre2-8.so.0 chroot_jail/lib/x86_64-linux-gnu/

cp /lib/x86_64-linux-gnu/libdl.so.2 chroot_jail/lib/x86_64-linux-gnu/

cp /lib64/ld-linux-x86-64.so.2 chroot_jail/lib64/

cp /lib/x86_64-linux-gnu/libpthread.so.0 chroot_jail/lib/x86_64-linux-gnu/

Now we can change root to the “chroot_jail” directory using the command “sudo chroot chroot_jail”:

If you want to copy more commands, just follow the same steps with “bash” and “ls” and you will be able to have a more controlled environment, and once done with it just type “exit” and also you can delete the whole directory.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s