Chrootuid
Platforms:
AIX,
BSDI,
DG-UX,
Digital UNIX/Alpha,
FreeBSD,
HP-UX,
IRIX,
Linux,
NetBSD,
OpenBSD,
SCO,
Solaris,
SunOS,
True64 UNIX,
Ultrix,
UNIX,
Unixware
Categories:
Access Control,
user privileges
Version:
URL:
Chrootuid is a wrapper program designed to protect hosts from network compromise. By running a daemon under the chrootuid wrapper, if the daemon results in a remote compromise, the access acquired will be severely limited.
Chrootuid utilizes the chroot() mechanism to allow the daemon to run in its own, contained sand box. If an attacker gains access to a host via a chroot'ed daemon, they will only have access to a specific subset of tools and capabilities, as provided in the chroot directory set by the wrapper.
