File libcap-CVE-2011-4099.diff of Package libcap

Overview Repositories Revisions Requests Users Attributes Meta

File libcap-CVE-2011-4099.diff of Package libcap

From af725c50c2930485947bd958dbdf984faf8fc1ba Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Sun, 24 Jul 2011 19:17:25 -0700
Subject: [PATCH] Change directory to "/" after --chroot operation.

Thanks to Steve Grubb for suggesting this. He wrote:
=========
I was reviewing something recently and discovered a problem in capsh. The capsh
program has a --chroot command line option. Inspecting the code shows that it does not
do a chdir("/") after calling chroot. This means that '.' is outside the chroot.

Additional info:
http://cwe.mitre.org/data/definitions/243.html
=========

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
 progs/capsh.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/progs/capsh.c
+++ b/progs/capsh.c
@@ -243,10 +243,16 @@
 		perror("unable to lower CAP_SYS_CHROOT");
 		exit(1);
 	    }
+	    /*
+	     * Given we are now in a new directory tree, its good practice
+	     * to start off in a sane location
+	     */
+	    status = chdir("/");
+
 	    cap_free(orig);
 
 	    if (status != 0) {
-		fprintf(stderr, "Unable to chroot to [%s]", argv[i]+9);
+		fprintf(stderr, "Unable to chroot/chdir to [%s]", argv[i]+9);
 		exit(1);
 	    }
 	} else if (!memcmp("--secbits=", argv[i], 10)) {

Places

File libcap-CVE-2011-4099.diff of Package libcap

Places