oss-security - Re: tftpd-hpa - insecure chroot()

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Fri, 3 Nov 2017 02:56:47 +0300
From: "Dmitry V. Levin" <ldv@...linux.org>
To: oss-security@...ts.openwall.com
Subject: Re: tftpd-hpa - insecure chroot()

On Thu, Nov 02, 2017 at 03:16:55PM +0300, gremlin@...mlin.ru wrote:
> Just look at this code and guess how it would be compiled on most
> systems:
> 
> ========================================
>     /* Chroot and drop privileges */
>     if (secure) {
>         if (chroot(".")) {
>             syslog(LOG_ERR, "chroot: %m");
>             exit(EX_OSERR);
>         }
> #ifdef __CYGWIN__
>         chdir("/");             /* Cygwin chroot() bug workaround */
> #endif
>     }
> ========================================
> 
> :-)

Sorry, why do you think that

	chdir(dir) == 0 && chroot(".") == 0

is any worse than

	chroot(dir) == 0 && chdir("/") == 0

assuming that you have control over your signal handlers and can ensure
they won't issue any chdir or chroot calls between these two calls?


-- 
ldv

Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.