use chdir() before calling chroot()

2013-07-29 11:05:16 +02:00 · 2013-07-29 11:05:16 +02:00 · 4e65be1211
commit 4e65be1211
parent 9be164101d
2 changed files with 15 additions and 0 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+2013-07-29  Michael Scherer <misc-guest@alioth.debian.org>
+
+        * libmisc/root_flag.c: use chdir() before calling chroot() to
+	  avoid potential security issue (see
+	  http://www.bpfh.net/simes/computing/chroot-break.html)
+	  Closes: alioth#313962
+
 2013-07-29  Christian Perrier  <christian@perrier.eu.org>

        * man/useradd.xml: use "--home-dir" instead of "--home"
--- a/libmisc/root_flag.c
+++ b/libmisc/root_flag.c
@ -106,6 +106,14 @@ static void change_root (const char* newroot)
 		        Prog, newroot, strerror (errno));
 		exit (E_BAD_ARG);
 	}
+
+	if (chdir (newroot) != 0) {
+		fprintf(stderr,
+				_("%s: cannot chdir to chroot directory %s: %s\n"),
+				Prog, newroot, strerror (errno));
+		exit (E_BAD_ARG);
+	}
+
 	if (chroot (newroot) != 0) {
 		fprintf(stderr,
 		        _("%s: unable to chroot to directory %s: %s\n"),