How do I, when running an executable/script, fake the root directory?

Question

Is there any way to run a script such that when it references something like /bin/sh or /usr/bin/cowsay, to run ~/fake/bin/sh instead?

This effect should still hold for other scripts it runs, and scripts that they run.

Investigate chroot and also bash -r. And also as a broader suggestion, explore using a virtual machine; I recommend VirtualBox in combination with Vagrant; they're both free, open source, and high quality—and very very easy to set up and use. — Wildcard, Nov 06 '16 at 07:16

score 3 · Answer 1 · edited Apr 13 '17 at 12:36

If the script is cooperative, i.e. if it doesn't try to counter you deliberately, then you can use chroot to run it in a subtree of your directory tree. A program run under chroot can't directly access files outside the tree that it's chrooted in, but it can interact with the outside world in other ways, including sending signals to processes, communicating via sockets, accessing the network, etc.

chroot ~/fake myscript

The subtree ~/fake needs to contain everything the script needs: ~/fake/bin/sh, ~/fake/lib/ld-linux.so.2 and ~/fake/lib/libc.so.6 or whatever the dynamic loader and standard library are on your system, /proc under Linux for things like ps to work, etc. They have to be actual files, not symbolic links, since symbolic link traversal is itself constrained by the chroot.

Bind mounts can help build a chroot tree without copying all the necessary files.

Chroot requires root permissions. If the all programs you want to run are dynamically linked, you can use fakechroot to use chroot in a lighter-weight way. Fakechroot works by intercepting system calls via library preloading, so it doesn't require any privileges. With fakechroot, symbolic links pointing outside the chroot are followed normally, so you can build a forest of symbolic links to make things available in the subtree.

If the script is not cooperative, you'll need a proper isolation tool: a container or a virtual machine.

the_velour_fog · Answer 2 · 2016-11-06T05:41:08.597

try using a symlink:

sudo ln -sf ~/fake/bin/sh /usr/bin/cowsay

note: the -f (force) will (probably) cause your original file /usr/bin/cowsay to be replaced with the symlink.

Whether any statements within the executable ~/fake/bin/sh or any external programs that that executable calls act on the symlink itself or on the file the symlink points to is going to vary from program to program and statement to statement.

How do I, when running an executable/script, fake the root directory?

2 Answers2