Using a chroot for WIMS server operation

A chroot is a separate execution environment.
Users in a chroot can only access files at or below it’s directory.
As a result users will be locked into an specific area of the file system.
If the userid (UID) is non zero (e.g. not root) there should be no way to gain root privilages on the server system.
It is good practice to run the chroot as the least powerful user which is able to do the task. (typically UID’s larger than 10000)

By limiting[1] the number of programs in the chroot jail to the bare minimum needed for the execution of chrooted programs[2] ,this system will provide an extra security[3] layer added to a production WIMS server.
WIMS has been ‘chroot ready’ since version 3.52 and will detect and use it automatically !

Using a chroot is not the most sofisticated method for secure operation…however there is a second advantage:
it does give us an easy ‘single click’ install of all important secundary software WIMS uses for it’s exercises.
Once a chroot has been build[4], it will be usable within most free Unix distributions. Many programs in the chroot are statically build, assuring fast loading and execution.

And there is even a third advantage… it will provide a uniform and stable set of secundary software used by WIMS.
And thus a smooth running of WIMS modules depending on this software.
In the last 13 years softwares incorporated in WIMS have evolved and improved – ofcourse.
A drawback of improvement is often a change in program syntax.
This will directly influence the running of WIMS modules depending of this software.
Notably for programs like povray, gnuplot things have changed considerably. Using a chroot will assure a stable versioning over a very long period[5] , independant of the free Unix distribution/version used for hosting WIMS.

[1] certainly no compilers and wget !
[2] secundary programs like Pari/gp,Maxima,Yacas,GNUplot,Povray,GAP,Octave,Scilab,M2,Graphviz,ImageMagick,BC
The use of TeX in a chroot is -at present- not implemented: it conflicts with the image caching system of WIMS.
[3] most software is not explicitly designed for secure server operation.
WIMS ensures secure execution by excluding certain insecure commands (‘escape to the system’). However WIMS can not detect/correct security holes in it’s secundary software.
[4] building your own chroot is not difficult.
For our school servers and for the Leiden mirror a 64bit chroot has been build.
A copy can be downloaded here:

[5] we’ve been using the same chroot since 2004 and we upgrade de WIMS server and operating system every year.

Un commentaire :

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *