version=pmwiki-2.2.130 ordered=1 urlencoded=1 agent=Mozilla/5.0 (X11; OpenBSD amd64; rv:68.0) Gecko/20100101 Firefox/68.0 SeaMonkey/2.53.11.1 author=mkf charset=UTF-8 csum= ctime=1625055014 host=2.178.149.149 name=Chroot.Intro rev=24 targets=Openhttpd.Configure,Nsd.Configure,Unbound.Configure,Ngircd.Install,Znc.Chroot,Wraith.Chroot,Pylink.Chroot,Pledge.Intro,Unveil.Intro text=(:title Chroot: Intro:)%0a%0a[[https://man.openbsd.org/chroot|Chroot]] refers to '''ch'''anging the '''root'''. When a process runs inside a chroot, you change what the process thinks is its root directory.%0a%0aNormally, a process can access any file within the root filesystem it has permissions for. By changing what the process thinks is its root directory, however, the process is now stuck in a chroot "jail". %0a%0aThis provides enhanced security: if a program gets compromised, it can only access and modify files within the new root.%0a%0a!! Uses%0a%0aMany OpenBSD daemons and third-party applications can be chrooted:%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a||! Chrooted OpenBSD daemons ||||%0a||! Application ||! Chroot path ||%0a|| [[openhttpd/configure|openhttpd]] || @@/var/www/@@ ||%0a|| [[nsd/configure|nsd]] || @@/var/nsd/@@ ||%0a|| [[unbound/configure|unbound]] || @@/var/unbound/@@ %0a%0a||! Chrooted third party daemons ||||%0a||! Application ||! Chroot path ||%0a|| [[ngircd/install|ngircd]] || @@/var/ngircd/@@ ||%0a|| [[znc/chroot|znc]] || @@/home/znc/@@ ||%0a|| [[wraith/chroot|wraith]] || @@/home/wraith/@@ ||%0a|| [[pylink/chroot|pylink]] || @@/home/pylink/@@ ||%0a%0a!! Creating a Chroot%0a%0aSuppose for a moment we want to chroot an imaginary program. We first call [[https://man.openbsd.org/whereis|whereis]] on the binary to find its absolute path:%0a%0a[@%0a$ whereis program%0a/usr/bin/program%0a@]%0a%0aNext, we call [[https://man.openbsd.org/ldd|ldd]] on the absolute path to find its dependencies:%0a%0a[@%0a$ ldd /usr/bin/program%0a/usr/bin/program%0a Start End Type Open Ref GrpRef Name%0a 0000022622dc8000 0000022622dcd000 exe 1 0 0 /usr/bin/program%0a 000002285bdc7000 000002285c133000 rlib 0 1 0 /usr/lib/libprogram.so.20.0%0a 00000228c7de6000 00000228c7e16000 rlib 0 2 0 /usr/lib/libm.so.10.1%0a 000002282f00d000 000002282f101000 rlib 0 2 0 /usr/lib/libc.so.96.0%0a 0000022914fb2000 0000022914fb2000 ld.so 0 1 0 /usr/libexec/ld.so%0a@]%0a%0aWe must re-create the filesystem in our chroot, /home/program, and copy all necessary dependencies:%0a%0a[@%0a$ doas mkdir -p /home/program/usr/bin/%0a$ doas mkdir -p /home/program/usr/lib/%0a$ doas mkdir -p /home/program/usr/libexec/%0a$ doas cp /usr/bin/program /home/program/usr/bin/%0a$ doas cp /usr/lib/libprogram.so.20.0 /home/program/usr/lib/%0a$ doas cp /usr/lib/libm.so.10.1 /home/program/usr/lib/%0a$ doas cp /usr/lib/libc.so.96.0 /home/program/usr/lib/%0a$ doas cp /usr/libexec/ld.so /home/program/usr/libexec/%0a@]%0a%0aThen, to run the chroot:%0a%0a[@%0a$ doas chroot -u daemon -g daemon /home/program program%0a@]%0a%0aSometimes, these dependencies have their own dependencies, so you may need to run ldd and copy files multiple times. Some of these dependencies do not become apparent until you attempt to run the program.%0a%0a!! Drawbacks%0a%0aThere are many drawbacks to using a chroot:%0a%0a# It requires you replicate each dependency inside the chroot every time you install or update the program%0a# It cannot limit the type of syscalls that the process can make%0a# It requires you call it as root, so normal users cannot run them%0a# Chrooted processes still have access to the network%0a%0aBecause of these limitations of a chroot, OpenBSD developed [[pledge/intro|pledge]] and [[unveil/intro|unveil]] to tighten the security of a process, however a simpler approach could be plan 9's private namespaces.%0a time=1658161436 title=Chroot: Intro author:1658161436=mkf diff:1658161436:1658161138:=79c79%0a%3c Because of these limitations of a chroot, OpenBSD developed [[pledge/intro|pledge]] and [[unveil/intro|unveil]] to tighten the security of a process, however a simpler approach could be plan 9's private namespaces.%0a---%0a> Because of these limitations of a chroot, OpenBSD developed [[pledge/intro|pledge]] and [[unveil/intro|unveil]] to tighten the security of a process.%0a host:1658161436=2.178.149.149 author:1658161138=mkf diff:1658161138:1658161043:=24,25c24,25%0a%3c || [[wraith/chroot|wraith]] || @@/home/wraith/@@ ||%0a%3c || [[pylink/chroot|pylink]] || @@/home/pylink/@@ ||%0a---%0a> || [[wraith/chroot|wraith]] || @@/home/wraith/@ ||%0a> || [[pylink/chroot|pylink]] || @@/home/pylink/@ ||%0a host:1658161138=2.178.149.149 author:1658161043=mkf diff:1658161043:1658143566:=16,19c16,19%0a%3c || [[openhttpd/configure|openhttpd]] || @@/var/www/@@ ||%0a%3c || [[nsd/configure|nsd]] || @@/var/nsd/@@ ||%0a%3c || [[unbound/configure|unbound]] || @@/var/unbound/@@ %0a%3c %0a---%0a> || [[openhttpd/configure|openhttpd]] || @/var/www/@ ||%0a> || [[nsd/configure|nsd]] || @/var/nsd/@ ||%0a> || [[unbound/configure|unbound]] || @/var/unbound/@ ||%0a> %0a22,25c22,25%0a%3c || [[ngircd/install|ngircd]] || @@/var/ngircd/@@ ||%0a%3c || [[znc/chroot|znc]] || @@/home/znc/@@ ||%0a%3c || [[wraith/chroot|wraith]] || @@/home/wraith/@ ||%0a%3c || [[pylink/chroot|pylink]] || @@/home/pylink/@ ||%0a---%0a> || [[ngircd/install|ngircd]] || @/var/ngircd/@ ||%0a> || [[znc/chroot|znc]] || @/home/znc/@ ||%0a> || [[wraith/chroot|wraith]] || @/home/wraith/@ ||%0a> || [[pylink/chroot|pylink]] || @/home/pylink/@ ||%0a host:1658161043=2.178.149.149 author:1658143566=mkf diff:1658143566:1658143524:=15,19c15,19%0a%3c ||! Application ||! Chroot path ||%0a%3c || [[openhttpd/configure|openhttpd]] || @/var/www/@ ||%0a%3c || [[nsd/configure|nsd]] || @/var/nsd/@ ||%0a%3c || [[unbound/configure|unbound]] || @/var/unbound/@ ||%0a%3c %0a---%0a> ||! Application || Chroot path ||%0a> || [[openhttpd/configure|openhttpd]] || /var/www/ ||%0a> || [[nsd/configure|nsd]] || /var/nsd/ ||%0a> || [[unbound/configure|unbound]] || /var/unbound/ ||%0a> %0a21,25c21,25%0a%3c ||! Application ||! Chroot path ||%0a%3c || [[ngircd/install|ngircd]] || @/var/ngircd/@ ||%0a%3c || [[znc/chroot|znc]] || @/home/znc/@ ||%0a%3c || [[wraith/chroot|wraith]] || @/home/wraith/@ ||%0a%3c || [[pylink/chroot|pylink]] || @/home/pylink/@ ||%0a---%0a> ||! Application || Chroot path ||%0a> || [[ngircd/install|ngircd]] || /var/ngircd/ ||%0a> || [[znc/chroot|znc]] || /home/znc/ ||%0a> || [[wraith/chroot|wraith]] || /home/wraith/ ||%0a> || [[pylink/chroot|pylink]] || /home/pylink/ ||%0a host:1658143566=2.178.149.149 author:1658143524=mkf diff:1658143524:1658143449:=15c15%0a%3c ||! Application || Chroot path ||%0a---%0a> || Application || Chroot path ||%0a21d20%0a%3c ||! Application || Chroot path ||%0a host:1658143524=2.178.149.149 author:1658143449=mkf diff:1658143449:1658143296:=20c20%0a%3c ||! Chrooted third party daemons ||||%0a---%0a> ||! Chrooted third party daemons||||%0a host:1658143449=2.178.149.149 author:1658143296=mkf diff:1658143296:1647352979:=13,14d12%0a%3c || border=1 width=100%25 class="sortable simpletable"%0a%3c ||! Chrooted OpenBSD daemons ||||%0a19,20d16%0a%3c %0a%3c ||! Chrooted third party daemons||||%0a host:1658143296=2.178.149.149 author:1647352979=SummerSonw diff:1647352979:1639818384:=5c5%0a%3c Normally, a process can access any file within the root filesystem it has permissions for. By changing what the process thinks is its root directory, however, the process is now stuck in a chroot "jail". %0a---%0a> Normally, a process can access any file within the root filesystem it has permissions for. By changing what the process thinks is its root directory, however, the process is now stuck in a chroot "jail."%0a host:1647352979=203.77.49.232 author:1639818384=jrmu diff:1639818384:1627743320:=52,54c52,54%0a%3c $ doas cp /usr/lib/libm.so.10.1 /home/program/usr/lib/%0a%3c $ doas cp /usr/lib/libc.so.96.0 /home/program/usr/lib/%0a%3c $ doas cp /usr/libexec/ld.so /home/program/usr/libexec/%0a---%0a> $ doas cp /usr/lib/libm.so.10.1 /var/www/usr/lib/%0a> $ doas cp /usr/lib/libc.so.96.0 /var/www/usr/lib/%0a> $ doas cp /usr/libexec/ld.so /var/www/usr/libexec/%0a host:1639818384=38.87.162.8 author:1627743320=jrmu diff:1627743320:1627743094:=3,4c3,4%0a%3c [[https://man.openbsd.org/chroot|Chroot]] refers to '''ch'''anging the '''root'''. When a process runs inside a chroot, you change what the process thinks is its root directory.%0a%3c %0a---%0a> Chroot refers to '''ch'''anging the '''root'''. When a process runs inside a chroot, you change what the process thinks is its root directory.%0a> %0a24,25c24,25%0a%3c Suppose for a moment we want to chroot an imaginary program. We first call [[https://man.openbsd.org/whereis|whereis]] on the binary to find its absolute path:%0a%3c %0a---%0a> Suppose for a moment we want to chroot an imaginary program. To create a chroot, we copy all the files a program depends on. We first call ldd on the binary:%0a> %0a31,32c31,32%0a%3c Next, we call [[https://man.openbsd.org/ldd|ldd]] on the absolute path to find its dependencies:%0a%3c %0a---%0a> Next, we call ldd on the absolute path:%0a> %0a63c63%0a%3c Sometimes, these dependencies have their own dependencies, so you may need to run ldd and copy files multiple times. Some of these dependencies do not become apparent until you attempt to run the program.%0a---%0a> Sometimes, these files in turn have their dependencies, so you may need to run ldd and copy files multiple times. Also, some dependencies do not become apparent until you attempt to run the program.%0a host:1627743320=38.87.162.8 author:1627743094=jrmu diff:1627743094:1627742650:=11,12c11,12%0a%3c Many OpenBSD daemons and third-party applications can be chrooted:%0a%3c %0a---%0a> Many services are designed to be run in a chroot on OpenBSD:%0a> %0a16a17,19%0a> %0a> Other third-party applications can also be chrooted:%0a> %0a host:1627743094=38.87.162.8 author:1627742650=jrmu diff:1627742650:1627742364:=66,67d65%0a%3c Sometimes, these files in turn have their dependencies, so you may need to run ldd and copy files multiple times. Also, some dependencies do not become apparent until you attempt to run the program.%0a%3c %0a72,77c70,75%0a%3c # It requires you replicate each dependency inside the chroot every time you install or update the program%0a%3c # It cannot limit the type of syscalls that the process can make%0a%3c # It requires you call it as root, so normal users cannot run them%0a%3c # Chrooted processes still have access to the network%0a%3c %0a%3c Because of these limitations of a chroot, OpenBSD developed [[pledge/intro|pledge]] and [[unveil/intro|unveil]] to tighten the security of a process.%0a---%0a> # It requires you replicate each dependency inside the chroot%0a> # It cannot limit the type of syscalls that a process can call%0a> # It requires you call it as root%0a> # It chrooted processes can still access the network%0a> %0a> This is designed to prevent a user from crafting a setuid root program inside a chroot jail to escalate privileges%0a host:1627742650=38.87.162.8 author:1627742364=jrmu diff:1627742364:1627740074:=34,35d33%0a%3c Next, we call ldd on the absolute path:%0a%3c %0a47,48c45,46%0a%3c We must re-create the filesystem in our chroot, /home/program, and copy all necessary dependencies:%0a%3c %0a---%0a> So we re-create the filesystem in our chroot, /home/program, and copy all necessary dependencies:%0a> %0a60,61c58,59%0a%3c Then, to run the chroot:%0a%3c %0a---%0a> We need to turn on slowcgi:%0a> %0a63c61,62%0a%3c $ doas chroot -u daemon -g daemon /home/program program%0a---%0a> $ doas rcctl enable slowcgi%0a> $ doas rcctl start slowcgi%0a65a65,120%0a> Then we run:%0a> %0a> $ doas chroot -u www -g daemon /var/www perl%0a> %0a> I test some random gibberish to make sure perl works inside the chroot:%0a> %0a> [@%0a> print "shibboleth";%0a> @]%0a> %0a> Then ctrl+d to escape; and since it echoes @@shibboleth@@, it works.%0a> %0a> Now I put an index.pl in /var/www/htdocs/perl/ just to see if the web server loads it:%0a> %0a> [@%0a> #!/usr/bin/perl -w%0a> use strict;%0a> print "Content-Type:text/html\n\n";%0a> print "This is the index file for perl.oddprotocol.cf\n";%0a> @]%0a> %0a> Make sure to set the proper permissions:%0a> %0a> [@%0a> $ doas chown -R www:daemon /var/www/htdocs/perl/%0a> $ doas chmod +x /var/www/htdocs/perl/index.pl%0a> @]%0a> %0a> At this point I try running this command:%0a> %0a> [@%0a> $ curl example.ircnow.org:8080/index.pl%0a> @]%0a> %0a> I get a 500 Internal Error, which means perl is not able to execute properly.%0a> %0a> So I search for missing perl libraries:%0a> %0a> [@%0a> $ doas find / -iname '*perl*'%0a> @]%0a> %0a> The interesting one is the folder /usr/libdata/perl5 . We definitely need these libraries, so I update my script for creating the chroot:%0a> %0a> [@%0a> mkdir -p /var/www/usr/bin/%0a> mkdir -p /var/www/usr/lib/%0a> mkdir -p /var/www/usr/libexec/%0a> mkdir -p /var/www/usr/libdata/%0a> cp /usr/bin/perl /var/www/usr/bin/%0a> cp /usr/lib/libperl.so.20.0 /var/www/usr/lib/%0a> cp /usr/lib/libm.so.10.1 /var/www/usr/lib/%0a> cp /usr/lib/libc.so.96.0 /var/www/usr/lib/%0a> cp /usr/libexec/ld.so /var/www/usr/libexec/%0a> cp -R /usr/libdata/perl5 /var/www/usr/libdata/%0a> @]%0a host:1627742364=38.87.162.8 author:1627740074=jrmu diff:1627740074:1627717174:=27,120c27,28%0a%3c Suppose for a moment we want to chroot an imaginary program. To create a chroot, we copy all the files a program depends on. We first call ldd on the binary:%0a%3c %0a%3c [@%0a%3c $ whereis program%0a%3c /usr/bin/program%0a%3c @]%0a%3c %0a%3c [@%0a%3c $ ldd /usr/bin/program%0a%3c /usr/bin/program%0a%3c Start End Type Open Ref GrpRef Name%0a%3c 0000022622dc8000 0000022622dcd000 exe 1 0 0 /usr/bin/program%0a%3c 000002285bdc7000 000002285c133000 rlib 0 1 0 /usr/lib/libprogram.so.20.0%0a%3c 00000228c7de6000 00000228c7e16000 rlib 0 2 0 /usr/lib/libm.so.10.1%0a%3c 000002282f00d000 000002282f101000 rlib 0 2 0 /usr/lib/libc.so.96.0%0a%3c 0000022914fb2000 0000022914fb2000 ld.so 0 1 0 /usr/libexec/ld.so%0a%3c @]%0a%3c %0a%3c So we re-create the filesystem in our chroot, /home/program, and copy all necessary dependencies:%0a%3c %0a%3c [@%0a%3c $ doas mkdir -p /home/program/usr/bin/%0a%3c $ doas mkdir -p /home/program/usr/lib/%0a%3c $ doas mkdir -p /home/program/usr/libexec/%0a%3c $ doas cp /usr/bin/program /home/program/usr/bin/%0a%3c $ doas cp /usr/lib/libprogram.so.20.0 /home/program/usr/lib/%0a%3c $ doas cp /usr/lib/libm.so.10.1 /var/www/usr/lib/%0a%3c $ doas cp /usr/lib/libc.so.96.0 /var/www/usr/lib/%0a%3c $ doas cp /usr/libexec/ld.so /var/www/usr/libexec/%0a%3c @]%0a%3c %0a%3c We need to turn on slowcgi:%0a%3c %0a%3c [@%0a%3c $ doas rcctl enable slowcgi%0a%3c $ doas rcctl start slowcgi%0a%3c @]%0a%3c %0a%3c Then we run:%0a%3c %0a%3c $ doas chroot -u www -g daemon /var/www perl%0a%3c %0a%3c I test some random gibberish to make sure perl works inside the chroot:%0a%3c %0a%3c [@%0a%3c print "shibboleth";%0a%3c @]%0a%3c %0a%3c Then ctrl+d to escape; and since it echoes @@shibboleth@@, it works.%0a%3c %0a%3c Now I put an index.pl in /var/www/htdocs/perl/ just to see if the web server loads it:%0a%3c %0a%3c [@%0a%3c #!/usr/bin/perl -w%0a%3c use strict;%0a%3c print "Content-Type:text/html\n\n";%0a%3c print "This is the index file for perl.oddprotocol.cf\n";%0a%3c @]%0a%3c %0a%3c Make sure to set the proper permissions:%0a%3c %0a%3c [@%0a%3c $ doas chown -R www:daemon /var/www/htdocs/perl/%0a%3c $ doas chmod +x /var/www/htdocs/perl/index.pl%0a%3c @]%0a%3c %0a%3c At this point I try running this command:%0a%3c %0a%3c [@%0a%3c $ curl example.ircnow.org:8080/index.pl%0a%3c @]%0a%3c %0a%3c I get a 500 Internal Error, which means perl is not able to execute properly.%0a%3c %0a%3c So I search for missing perl libraries:%0a%3c %0a%3c [@%0a%3c $ doas find / -iname '*perl*'%0a%3c @]%0a%3c %0a%3c The interesting one is the folder /usr/libdata/perl5 . We definitely need these libraries, so I update my script for creating the chroot:%0a%3c %0a%3c [@%0a%3c mkdir -p /var/www/usr/bin/%0a%3c mkdir -p /var/www/usr/lib/%0a%3c mkdir -p /var/www/usr/libexec/%0a%3c mkdir -p /var/www/usr/libdata/%0a%3c cp /usr/bin/perl /var/www/usr/bin/%0a%3c cp /usr/lib/libperl.so.20.0 /var/www/usr/lib/%0a%3c cp /usr/lib/libm.so.10.1 /var/www/usr/lib/%0a%3c cp /usr/lib/libc.so.96.0 /var/www/usr/lib/%0a%3c cp /usr/libexec/ld.so /var/www/usr/libexec/%0a%3c cp -R /usr/libdata/perl5 /var/www/usr/libdata/%0a%3c @]%0a---%0a> When you create a chroot, you must copy%0a> %0a host:1627740074=38.87.162.8 author:1627717174=jrmu diff:1627717174:1627710587:=27,28d26%0a%3c When you create a chroot, you must copy%0a%3c %0a38a37%0a> %0a host:1627717174=38.87.162.8 author:1627710587=jrmu diff:1627710587:1627710047:=20c20%0a%3c || [[ngircd/install|ngircd]] || /var/ngircd/ ||%0a---%0a> || [[ngircd/configure|ngircd]] || /var/ngircd/ ||%0a host:1627710587=38.87.162.8 author:1627710047=jrmu diff:1627710047:1627709983:=21c21%0a%3c || [[znc/chroot|znc]] || /home/znc/ ||%0a---%0a> || [[znc/chroot|ngircd]] || /home/znc/ ||%0a23d22%0a%3c || [[pylink/chroot|pylink]] || /home/pylink/ ||%0a host:1627710047=38.87.162.8 author:1627709983=jrmu diff:1627709983:1627700250:=5,25c5,8%0a%3c Normally, a process can access any file within the root filesystem it has permissions for. By changing what the process thinks is its root directory, however, the process is now stuck in a chroot "jail."%0a%3c %0a%3c This provides enhanced security: if a program gets compromised, it can only access and modify files within the new root.%0a%3c %0a%3c !! Uses%0a%3c %0a%3c Many services are designed to be run in a chroot on OpenBSD:%0a%3c %0a%3c || Application || Chroot path ||%0a%3c || [[openhttpd/configure|openhttpd]] || /var/www/ ||%0a%3c || [[nsd/configure|nsd]] || /var/nsd/ ||%0a%3c || [[unbound/configure|unbound]] || /var/unbound/ ||%0a%3c %0a%3c Other third-party applications can also be chrooted:%0a%3c %0a%3c || [[ngircd/configure|ngircd]] || /var/ngircd/ ||%0a%3c || [[znc/chroot|ngircd]] || /home/znc/ ||%0a%3c || [[wraith/chroot|wraith]] || /home/wraith/ ||%0a%3c %0a%3c !! Creating a Chroot%0a%3c %0a---%0a> Normally, a process can access any file within the root filesystem it has permissions for. By changing what the process thinks is its root directory, however, the process is now stuck in a chroot "jail." It is now unable to access any files outside of the new root and is stuck in a '''chroot jail'''.%0a> %0a> This provides enhanced security: if a program gets compromised, it can only access and modify files within the chroot.%0a> %0a28,34c11,17%0a%3c There are many drawbacks to using a chroot:%0a%3c %0a%3c # It requires you replicate each dependency inside the chroot%0a%3c # It cannot limit the type of syscalls that a process can call%0a%3c # It requires you call it as root%0a%3c # It chrooted processes can still access the network%0a%3c %0a---%0a> A chroot jail%0a> %0a> requires you replicate each dependency inside the chroot%0a> cannot limit the type of syscalls that a process can call%0a> requires you call it as root%0a> chrooted processes can still access the network%0a> %0a36a20,26%0a> Many daemons run a chroot by default:%0a> %0a> openhttpd%0a> ngircd%0a> smtpd%0a> %0a> !! Creating a Chroot%0a host:1627709983=38.87.162.8 author:1627700250=jrmu diff:1627700250:1625055142:=1,26c1,11%0a%3c (:title Chroot: Intro:)%0a%3c %0a%3c Chroot refers to '''ch'''anging the '''root'''. When a process runs inside a chroot, you change what the process thinks is its root directory.%0a%3c %0a%3c Normally, a process can access any file within the root filesystem it has permissions for. By changing what the process thinks is its root directory, however, the process is now stuck in a chroot "jail." It is now unable to access any files outside of the new root and is stuck in a '''chroot jail'''.%0a%3c %0a%3c This provides enhanced security: if a program gets compromised, it can only access and modify files within the chroot.%0a%3c %0a%3c !! Drawbacks%0a%3c %0a%3c A chroot jail%0a%3c %0a%3c requires you replicate each dependency inside the chroot%0a%3c cannot limit the type of syscalls that a process can call%0a%3c requires you call it as root%0a%3c chrooted processes can still access the network%0a%3c %0a%3c This is designed to prevent a user from crafting a setuid root program inside a chroot jail to escalate privileges%0a%3c %0a%3c Many daemons run a chroot by default:%0a%3c %0a%3c openhttpd%0a%3c ngircd%0a%3c smtpd%0a%3c %0a%3c !! Creating a Chroot%0a---%0a> (:title Intro to Chroot:)%0a> %0a> %0a> ----%0a> %0a> %0a> %25center%25Chroot is literally changing the root directory of a program, so it runs in a isolated environment. This is useful for security reasons, a program running in chroot cannot change files and execute commands outside of its chroot directory%0a> %0a> ----%0a> %0a> TODO: ADD MORE INFO HERE%0a\ No newline at end of file%0a host:1627700250=38.87.162.8 author:1625055142=mistera diff:1625055142:1625055122:=7c7%0a%3c %25center%25Chroot is literally changing the root directory of a program, so it runs in a isolated environment. This is useful for security reasons, a program running in chroot cannot change files and execute commands outside of its chroot directory%0a---%0a> %25center%25Chroot is literally changing the root directory of a program, so it runs in a isolated environment. This is useful for security reasons, a program running in chroot cannot change files and commands outside of its chroot directory%0a host:1625055142=204.111.39.57 author:1625055122=mistera diff:1625055122:1625055055:=7c7%0a%3c %25center%25Chroot is literally changing the root directory of a program, so it runs in a isolated environment. This is useful for security reasons, a program running in chroot cannot change files and commands outside of its chroot directory%0a---%0a> %25center%25Chroot is literally changing the root directory of a program, so it runs in a isolated environment. This is useful for security reasons, a program running in chroot cannot execute commands outside of its chroot directory%0a host:1625055122=204.111.39.57 author:1625055055=mistera diff:1625055055:1625055053:= host:1625055055=204.111.39.57 author:1625055053=mistera diff:1625055053:1625055014:=9,11c9%0a%3c ----%0a%3c %0a%3c TODO: ADD MORE INFO HERE%0a\ No newline at end of file%0a---%0a> ----%0a\ No newline at end of file%0a host:1625055053=204.111.39.57 author:1625055014=mistera diff:1625055014:1625055014:=1,9d0%0a%3c (:title Intro to Chroot:)%0a%3c %0a%3c %0a%3c ----%0a%3c %0a%3c %0a%3c %25center%25Chroot is literally changing the root directory of a program, so it runs in a isolated environment. This is useful for security reasons, a program running in chroot cannot execute commands outside of its chroot directory%0a%3c %0a%3c ----%0a\ No newline at end of file%0a host:1625055014=204.111.39.57