Commit c4388a62 authored by Colin Walters

[SECURITY] Invoke chdir() after we've switched uid, not before

Otherwise, the user can access otherwise inaccessible directories like:

$ linux-user-chroot --chdir /root/.virsh / /bin/sh
Reported-by: Ryan Lortie <desrt@desrt.ca>
Reported-by: Marc Deslauriers <marc.deslauriers@canonical.com>
parent ef7cd3d4
......@@ -361,9 +361,6 @@ main (int argc,
fatal_errno ("chroot");
}
if (chdir (chdir_target) < 0)
fatal_errno ("chdir");
/* Switch back to the uid of our invoking process. These calls are
* irrevocable - see setuid(2) */
if (setgid (rgid) < 0)
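Review bot: with chdir (chdir_target) gone from this spot, nothing resets the working directory between the chroot call and the setgid/setuid calls, so the process carries its pre-chroot cwd through the privilege drop, and if chdir_target can be relative it will later be resolved against that directory rather than the new root. Consider an unconditional chdir ("/") directly after the chroot call (it takes no user input, so running it while still privileged exposes nothing) and leave the user-supplied target to the later call.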
......@@ -371,6 +368,9 @@ main (int argc,
if (setuid (ruid) < 0)
fatal_errno ("setuid");
if (chdir (chdir_target) < 0)
fatal_errno ("chdir");
if (execvp (program, program_argv) < 0)
fatal_errno ("execv");
}
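Review bot: the chdir (chdir_target) that now sits between setuid (ruid) and execvp has no comment saying its position is security-relevant, so a later cleanup could move it back above the privilege drop without noticing. A short comment in the style of the one above setgid, stating that the target is user-controlled and must be resolved with the invoking user's permissions, would document the invariant; a regression test that runs the command from the commit message as an unprivileged user and expects the chdir to fail would enforce it. Minor: the error label in fatal_errno ("execv") does not match the execvp call it reports on.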
......