nsenter / switch_root: fix insecure chroot [coverity scan]

If a call to chroot is not followed by a call to chdir("/") the chroot jail
confinement can be violated.  See also CWE-243.

CID: 360718
CID: 360800
Reference: http://cwe.mitre.org/data/definitions/243.html
Signed-off-by: Sami Kerola <kerolasa@iki.fi>

diff --git a/sys-utils/nsenter.c b/sys-utils/nsenter.c
index 4432cd3675164b01698104d9eafaf3837b982315..8eac7800b0067c321c553b0b450fedaa7121b0bc 100644 (file)
--- a/sys-utils/nsenter.c
+++ b/sys-utils/nsenter.c
@@ -457,6 +457,8 @@ int main(int argc, char *argv[])
 
                if (chroot(".") < 0)
                        err(EXIT_FAILURE, _("chroot failed"));
+               if (chdir("/"))
+                       err(EXIT_FAILURE, _("cannot change directory to %s"), "/");
 
                close(root_fd);
                root_fd = -1;

diff --git a/sys-utils/switch_root.c b/sys-utils/switch_root.c
index a42bceca31507390c53e13f0c5d69144472da59b..a21f298dcf77f134251cd423b9ccafd3b76cb6ee 100644 (file)
--- a/sys-utils/switch_root.c
+++ b/sys-utils/switch_root.c
@@ -180,6 +180,12 @@ static int switchroot(const char *newroot)
                return -1;
        }
 
+       if (chdir("/")) {
+               close(cfd);
+               warn(_("cannot change directory to %s"), "/");
+               return -1;
+       }
+
        pid = fork();
        if (pid <= 0) {
                struct statfs stfs;