tags:

views:

1046

answers:

2
+2  Q: 

Python and os.chroot

I'm writing a web-server in Python as a hobby project. The code is targeted at *NIX machines. I'm new to developing on Linux and even newer to Python itself.

I am worried about people breaking out of the folder that I'm using to serve up the web-site. The most obvious way to do this is to filter requests for documents like /../../etc/passwd. However, I'm worried that there might be clever ways to go up the directory tree that I'm not aware of and consequentially my filter won't catch.

I'm considering adding using the os.chroot so that the root directory is the web-site itself. Is this is a safe way of protecting against these jail breaking attacks? Are there any potential pitfalls to doing this that will hurt me down the road?

+5  A: 

Yes there are pitfalls. Security wise:

  1. If you run as root, there are always ways to break out. So first chroot(), then PERMANENTLY drop privileges to an other user.
  2. Put nothing which isn't absolutely required into the chroot tree. Especially no suid/sgid files, named pipes, unix domain sockets and device nodes.

Python wise your whole module loading gets screwed up. Python is simply not made for such scenarios. If your application is moderately complex you will run into module loading issues.

I think much more important than chrooting is running as a non privileged user and simply using the file system permissions to keep that user from reading anything of importance.

mdorseif  2009-01-25 22:02:05
Do you know how virtualenv plays with chroot-ed environments? http://pypi.python.org/pypi/virtualenv
Alabaster Codify  2009-01-25 22:50:11
A possible solution to module loading is to have all the modules inside the chroot, but nothing else.
orip  2009-01-25 23:28:20
I was only "passively aware" of virtualenv and this is surely something to look into if you are goint to chroot.
mdorseif  2009-01-27 19:45:04
+2  A: 

Check out Twisted. twistd supports privilege shedding and chroot operation out of the box. Additionally it has a whole framework for writing network services, daemons, and pretty much everything.

Kamil Kisiel  2009-01-25 23:15:25

related questions

grep a file, but show several surrounding lines?
VMWare Server Under Linux Secondary NIC connection
Should I move from C++ to Python? ... Or another language?
Globus Toolkit virtual machine
How to avoid redefining VERSION, PACKAGE, etc.
How do I setup Public-Key Authentication?
showing a message box from a bash script in linux
Best Linux Distro for Computer Repair
Mapping my custom keys in Debian
Any IcedTea war stories?
How do you find the age of a long-running Linux process?
Personal Linux web server
Programmatically talking to a Serial Port in OS X or Linux
what's in your .bashrc ?
Linux - files and scripts that execute on boot
Text Editor For Linux (Besides Vi)?
Lightweight IDE for Linux
Shell scripting input redirection oddities
XML Editing/Viewing Software
What should a longtime Windows user know when starting to use Linux?
Gtk SSH client for Linux?
Getting root permissions on a file inside of vi?
Is it possible to drag windows between workspaces when using Compiz?
GTK implementation of MessageBox
Is gettimeofday() guaranteed to be of microsecond resolution?