2

Forgive my rudimentary understanding of server security, but one thing I've always struggled with was understanding how to set up chroot to separate folders (which are discrete WP installations) in a /var/www directory. There is a lot of conflicting information I've seen that states Apache doesn't support it in virtual hosts, etc., though some seem to recommend it anyway. Generally, I've been confused about how to proceed. I don't want a compromised plugin or WP login from one site allowing attacking scripts access to the larger file system and other websites.

So, at some point I saw a talk on WP development with Docker. It does offer up a lot of workflow advantages, but it would also require that we completely rejig our setup. Does containerization help eliminate the need for a chroot type solution? Does it effectively jail anything (other than exposed ports, I guess) to within its own container? If a single container (and only that single container) was compromised by a malicious script or brute force attack, it is easy enough to spin up a replacement... this isn't meant to be a comprehensive security question as I know using Docker isn't the same as "hardening", but what I'm really wondering is:

In a shared Ubuntu hosting environment, would Docker's containerization help prevent a compromised WordPress site from spreading vs. having them all in /var/www with some sort of chroot solution?

armadadrive

1 Answer

2

First, chroot is not a security feature in any Unix system. A privileged user can perform a second chroot to break out. See here

In a Docker environment, processes and network are isolated, so they can't try to read kernel memory or use more RAM than allowed, thanks to namespaces. Indeed, if any user inside a container is able to escape it using some sort of kernel exploit, it will be a user with the Docker engine privileges, so it will have access to all of them in the host machine, but in that scenario with chroot everything is easier. Therefore, Docker in general is more secure than a chroot configuration because chroot is meant as a tool for isolating processes for installation, debugging, and legacy library usage.

Secondly, a WordPress core can start clean every time you start the container, but in chroot, writes are permanent. Also, it is possible for the containers to even lack a shell, so if someone uploads a phpshell it will fail.

More info: Can I make my online server more secure using Docker?

Celebre Asm
  • That's a really well thought-out answer -- thanks @Celebre Asm! – armadadrive Nov 20 '18 at 19:29
  • 1
    Chroot can be used as _part_ of a security solution, e.g. by combining it with privilege dropping and resource limit reduction, though even then it doesn't block things like sending signals via `kill()` and `fcntl()`. – forest Nov 21 '18 at 03:59
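
An added example, not part of the answer above or of Docker's own tooling: a Python check over `docker inspect` output that tests whether each per-site container actually has the properties the answer relies on (a memory limit, a root filesystem that starts clean, no host paths shared between sites). The container names, paths and JSON are constructed, and the finding labels are hypothetical.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical
# WordPress containers. Names, paths and values are made up for illustration.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/wp-site-a", "Config": {"User": "www-data"},
  "HostConfig": {"Privileged": false, "ReadonlyRootfs": true, "CapDrop": ["ALL"],
                 "SecurityOpt": ["no-new-privileges:true"], "Memory": 268435456},
  "Mounts": [{"Source": "/srv/wp/site-a/uploads", "RW": true}]},
 {"Name": "/wp-site-b", "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "ReadonlyRootfs": false, "CapDrop": null,
                 "SecurityOpt": null, "Memory": 0},
  "Mounts": [{"Source": "/var/run/docker.sock", "RW": true},
             {"Source": "/var/www", "RW": true}]}
]""")

# Host paths that would put several sites (or the Docker engine) in one container's reach.
SHARED_PATHS = ("/", "/var/www", "/var/run/docker.sock")

def audit_container(c):
    """Return labels for settings that weaken isolation between sites."""
    host = c.get("HostConfig", {})
    findings = []
    if host.get("Privileged"):
        findings.append("privileged")
    if not host.get("ReadonlyRootfs"):       # writes to the image layer persist until recreate
        findings.append("writable-rootfs")
    if "ALL" not in [x.upper() for x in (host.get("CapDrop") or [])]:
        findings.append("caps-not-dropped")
    opts = [o.replace("=", ":") for o in (host.get("SecurityOpt") or [])]
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        findings.append("no-new-privileges-unset")
    if not host.get("Memory"):               # 0 means no memory limit
        findings.append("no-memory-limit")
    if c.get("Config", {}).get("User", "") in ("", "0", "root", "0:0"):
        findings.append("runs-as-root")      # empty User starts the process as root
    for m in c.get("Mounts") or []:
        src = m.get("Source", "").rstrip("/") or "/"
        if src in SHARED_PATHS:
            findings.append("shared-mount:" + src)
    return findings

def audit(containers):
    """Map container name -> list of findings (empty list means none)."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else ", ".join(findings))
```

On a real host the same functions can be fed the parsed JSON that `docker inspect` prints for the running containers.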