mirror of
https://github.com/shadow-maint/shadow.git
synced 2024-12-18 06:14:46 +08:00
libmisc: Use safer chroot/chdir sequence
OpenSSH and coreutils' chroot call chroot first and then chdir. Doing it this way is a bit safer because otherwise something could happen between chdir and chroot to the specified path (like exchange of links) so the working directory would not end up within the chroot environment. This is a purely defensive measure. Signed-off-by: Samanta Navarro <ferivoz@riseup.net>
This commit is contained in:
parent
a116e20c76
commit
6491fef1e0
@ -91,16 +91,16 @@ static void change_root (const char* newroot)
|
||||
exit (E_BAD_ARG);
|
||||
}
|
||||
|
||||
if (chdir (newroot) != 0) {
|
||||
if (chroot (newroot) != 0) {
|
||||
fprintf(log_get_logfd(),
|
||||
_("%s: cannot chdir to chroot directory %s: %s\n"),
|
||||
_("%s: unable to chroot to directory %s: %s\n"),
|
||||
log_get_progname(), newroot, strerror (errno));
|
||||
exit (E_BAD_ARG);
|
||||
}
|
||||
|
||||
if (chroot (newroot) != 0) {
|
||||
if (chdir ("/") != 0) {
|
||||
fprintf(log_get_logfd(),
|
||||
_("%s: unable to chroot to directory %s: %s\n"),
|
||||
_("%s: cannot chdir in chroot directory %s: %s\n"),
|
||||
log_get_progname(), newroot, strerror (errno));
|
||||
exit (E_BAD_ARG);
|
||||
}
|
||||
|
@ -57,8 +57,8 @@ void subsystem (const struct passwd *pw)
|
||||
* must be able to change into it.
|
||||
*/
|
||||
|
||||
if ( (chdir (pw->pw_dir) != 0)
|
||||
|| (chroot (pw->pw_dir) != 0)) {
|
||||
if ( (chroot (pw->pw_dir) != 0)
|
||||
|| (chdir ("/") != 0)) {
|
||||
(void) printf (_("Can't change root directory to '%s'\n"),
|
||||
pw->pw_dir);
|
||||
SYSLOG ((LOG_WARN, NO_SUBROOT2, pw->pw_dir, pw->pw_name));
|
||||
|
Loading…
Reference in New Issue
Block a user