use chdir() before calling chroot()

diff --git a/ChangeLog b/ChangeLog
index 171e4c2a4dfaa87841d776a394a72ceef3c5ac44..38b08efca07d10ab43874e2862d5fec991594e21 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2013-07-29  Michael Scherer <misc-guest@alioth.debian.org>
+
+        * libmisc/root_flag.c: use chdir() before calling chroot() to
+         avoid potential security issue (see
+         http://www.bpfh.net/simes/computing/chroot-break.html)
+         Closes: alioth#313962
+
 2013-07-29  Christian Perrier  <christian@perrier.eu.org>
 
         * man/useradd.xml: use "--home-dir" instead of "--home"

diff --git a/libmisc/root_flag.c b/libmisc/root_flag.c
index 717de51d318cdb3b4b3090039446169ccb469a4b..7f5e6110492d4360b65a1411fb1d2b3aa7556446 100644 (file)
--- a/libmisc/root_flag.c
+++ b/libmisc/root_flag.c
@@ -106,6 +106,14 @@ static void change_root (const char* newroot)
                        Prog, newroot, strerror (errno));
                exit (E_BAD_ARG);
        }
+
+       if (chdir (newroot) != 0) {
+               fprintf(stderr,
+                               _("%s: cannot chdir to chroot directory %s: %s\n"),
+                               Prog, newroot, strerror (errno));
+               exit (E_BAD_ARG);
+       }
+
        if (chroot (newroot) != 0) {
                fprintf(stderr,
                        _("%s: unable to chroot to directory %s: %s\n"),