From: Michael Scherer
Date: Mon, 29 Jul 2013 09:05:16 +0000 (+0200)
Subject: use chdir() before calling chroot()
X-Git-Tag: 4.2.1~81
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4e65be1211deae38f868a5880baecccb74bc61bd;p=shadow

use chdir() before calling chroot()
---
diff --git a/ChangeLog b/ChangeLog
index 171e4c2a..38b08efc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2013-07-29 Michael Scherer
+
+ * libmisc/root_flag.c: use chdir() before calling chroot() to
+ avoid potential security issue (see
+ http://www.bpfh.net/simes/computing/chroot-break.html)
+ Closes: alioth#313962
+
 2013-07-29 Christian Perrier
 
 * man/useradd.xml: use "--home-dir" instead of "--home"
diff --git a/libmisc/root_flag.c b/libmisc/root_flag.c
index 717de51d..7f5e6110 100644
--- a/libmisc/root_flag.c
+++ b/libmisc/root_flag.c
@@ -106,6 +106,14 @@ static void change_root (const char* newroot)
 Prog, newroot, strerror (errno));
 exit (E_BAD_ARG);
 }
+
+ if (chdir (newroot) != 0) {
+ fprintf(stderr,
+ _("%s: cannot chdir to chroot directory %s: %s\n"),
+ Prog, newroot, strerror (errno));
+ exit (E_BAD_ARG);
+ }
+
 if (chroot (newroot) != 0) {
 fprintf(stderr,
 _("%s: unable to chroot to directory %s: %s\n"),
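Review bot: The added `chdir (newroot)` and the `chroot (newroot)` that follows each resolve the same path string independently, so the working directory is only guaranteed to lie inside the new root if both lookups land on the same directory. If `newroot` could be relative, the second lookup starts from the already-changed directory, and if a path component is replaced between the two calls the process can keep a working directory outside the root, which is the condition the ChangeLog entry sets out to close. Whether `newroot` is forced to be absolute cannot be seen here, because change_root starts before and ends after this hunk. A tighter sequence is to follow a successful chroot with `if (chdir ("/") != 0)` and the same error exit, or to call `chroot (".")` after the chdir, so the working directory is pinned to the new root however the path resolved.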