From 4e65be1211deae38f868a5880baecccb74bc61bd Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Mon, 29 Jul 2013 11:05:16 +0200
Subject: [PATCH] use chdir() before calling chroot()
---
 ChangeLog | 7 +++++++
 libmisc/root_flag.c | 8 ++++++++
 2 files changed, 15 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 171e4c2a..38b08efc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2013-07-29 Michael Scherer
+
+ * libmisc/root_flag.c: use chdir() before calling chroot() to
+ avoid potential security issue (see
+ http://www.bpfh.net/simes/computing/chroot-break.html)
+ Closes: alioth#313962
+
 2013-07-29 Christian Perrier
 
 * man/useradd.xml: use "--home-dir" instead of "--home"
diff --git a/libmisc/root_flag.c b/libmisc/root_flag.c
index 717de51d..7f5e6110 100644
--- a/libmisc/root_flag.c
+++ b/libmisc/root_flag.c
@@ -106,6 +106,14 @@ static void change_root (const char* newroot)
 Prog, newroot, strerror (errno));
 exit (E_BAD_ARG);
 }
+
+ if (chdir (newroot) != 0) {
+ fprintf(stderr,
+ _("%s: cannot chdir to chroot directory %s: %s\n"),
+ Prog, newroot, strerror (errno));
+ exit (E_BAD_ARG);
+ }
+
+ if (chroot (newroot) != 0) {
 fprintf(stderr,
 _("%s: unable to chroot to directory %s: %s\n"),
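Review bot: The added `chdir (newroot)` and the `chroot (newroot)` that follows each resolve the path on their own, so if a component of newroot (a symlink, say) is replaced between the two calls, the working directory can still end up outside the new root, which is the condition this patch sets out to exclude. Tying the second step to the first closes that window: keep the new `chdir (newroot)` check and call `chroot (".")`, or leave the order as it was and add a checked `chdir ("/")` after `chroot (newroot)` succeeds. A one-line comment above the new block, such as `/* chdir first so the working directory cannot stay outside the new root */`, would record why the order matters. change_root starts above and continues below this hunk, so any earlier validation of newroot is not visible here.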