Basic Security Concept In *nix: Changing Root Directory With chroot()
The chroot() system call has been with UNIX since at least Version 7 (released in 1979).
As its name implies, chroot() changes the root directory of the calling process.
Once a running process executes chroot("/home/jail"), /home/jail becomes "/", and for all
intents and purposes every file and directory outside of /home/jail
(including the true root directory and the true /home directory) no longer exists.
In effect, chroot() provides a UNIX-inside-of-UNIX environment - a kind of "jail" where a
process can be restricted to an arbitrary portion of the filesystem.
Jails provide "security by default" for untrusted software: even if the software proves
to be insecure in ways not anticipated, the jail (which is enforced by the operating system,
not by the program) dramatically limits the damage that can be done, provided the jailed
process does not retain root privileges. Indeed, a jail should provide only a bare minimum
of facilities, thereby limiting the potential for damage even further.
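The following routine is added here as an illustration of how a process enters a chroot() jail correctly; it is not code from the original page or from FreeVPS. It shows the ordering a practitioner needs: chdir() into the jail before chroot(), then an irreversible drop of supplementary groups, gid and uid, because a process that stays root inside the jail can leave it again by creating and entering a second chroot. The jail directory is whatever the caller passes; the uid/gid 65534 used in main() is an assumption (the conventional unprivileged "nobody" id on many systems).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/*
 * Enter a chroot() jail at `dir` and permanently drop to uid/gid.
 * Returns 0 on success, -errno on failure (no syscall is made for
 * argument errors). The order matters:
 *   1. chdir() into the jail, so the working directory is inside it;
 *   2. chroot(), then chdir("/") so cwd is the new root, never the old one;
 *   3. drop supplementary groups, gid, then uid, and verify the drop
 *      cannot be undone.
 * chroot() alone is not a security boundary for root: a root process in
 * the jail can mkdir("x"); chroot("x"); chdir("../../.."); and walk out,
 * so uid 0 / gid 0 are refused here.
 */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || dir[0] != '/')
        return -EINVAL;            /* jail path must be absolute */
    if (uid == 0 || gid == 0)
        return -EINVAL;            /* never stay root inside a jail */

    if (chdir(dir) != 0)
        return -errno;             /* ENOENT, EACCES, ... */
    if (chroot(dir) != 0)
        return -errno;             /* EPERM without CAP_SYS_CHROOT */
    if (chdir("/") != 0)
        return -errno;

    if (setgroups(0, NULL) != 0)   /* drop supplementary groups first */
        return -errno;
    if (setgid(gid) != 0)          /* gid before uid: needs root to change gid */
        return -errno;
    if (setuid(uid) != 0)          /* sets real, effective and saved uid */
        return -errno;

    /* The drop must be irreversible: regaining uid 0 must now fail. */
    if (setuid(0) == 0)
        return -EPERM;
    return 0;
}

/* Usage: ./jail /path/to/jail /bin/sh  (must start as root) */
int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s /jail/dir /program/inside/jail\n", argv[0]);
        return 2;
    }
    /* Assumption: 65534 is the unprivileged "nobody" uid/gid on this system. */
    int rc = enter_jail(argv[1], 65534, 65534);
    if (rc != 0) {
        fprintf(stderr, "enter_jail(%s): %s\n", argv[1], strerror(-rc));
        return 1;
    }
    /* Paths are now resolved relative to the jail, so argv[2] is a jail path. */
    execl(argv[2], argv[2], (char *)NULL);
    perror("execl");
    return 1;
}
```

Note that the jail directory must contain every file the program needs (the binary, its shared libraries, /dev/null and so on), since nothing outside it is reachable after chroot(); keeping that set to a bare minimum is what limits the damage an escaped exploit can do.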
Basic FreeVPS Concepts
Contexts
Contexts are the heart of the vserver idea: they protect virtual servers from one another.
A process running in a particular context can see only processes in the same context,
can use only the IP addresses assigned to that context, and can use only files that belong to that context.
Because files are accounted per context, disk quotas and disk-usage calculation can be applied to each virtual server.
Private Disk Namespaces
Despite its numerous advantages, chroot() falls short of ensuring complete isolation of processes:
it isolates only the root of the directory tree. There are well-known techniques (and, historically,
Linux kernel bugs) that allow a process, especially one still running as root, to escape from a
chroot() environment; chroot() was never designed as a security boundary.
To overcome this, FreeVPS separates the directory tree into parts and forms an
isolated area called a disk namespace. This allows the mount command to be used inside a
virtual server without any risk of compromising the host system.
Network Stack Virtualization
When using a traditional chroot(), a user is restricted in network functionality:
many network operations, such as creating individual routing or firewall rules,
are not allowed within the chroot() environment.
Moreover, a number of applications exchange large amounts of service information over the network,
which may place a significant load on the system.
To decrease this load, FreeVPS shares key network components among virtual servers
while still allowing each virtual server to use iptables, raw sockets and its own
virtual network devices.
FreeVPS Inside
FreeVPS software consists of two main parts:
- FreeVPS kernel: a standard Linux kernel patched to support VPS;
- FreeVPS tools: scripts to manage virtual servers and their host server.
Read more on these components in the corresponding documentation.