Re: tftpd-hpa - insecure chroot()

["Dmitry V. Levin" <ldv () altlinux org>]

On Thu, Nov 02, 2017 at 03:16:55PM +0300, gremlin () gremlin ru wrote:
> Just look at this code and guess how it would be compiled on most
> systems:
>
> ========================================
>     /* Chroot and drop privileges */
>     if (secure) {
>         if (chroot(".")) {
>             syslog(LOG_ERR, "chroot: %m");
>             exit(EX_OSERR);
>         }
> #ifdef __CYGWIN__
>         chdir("/");             /* Cygwin chroot() bug workaround */
> #endif
>     }
> ========================================
>
> :-)

Sorry, why do you think that

        chdir(dir) == 0 && chroot(".") == 0

is any worse than

        chroot(dir) == 0 && chdir("/") == 0

assuming that you have control over your signal handlers and can ensure
they won't issue any chdir or chroot calls between these two calls?


-- 
ldv

Attachment: signature.asc
Description: