From: Sami Kerola
Date: Sun, 9 Aug 2020 11:51:11 +0000 (+0100)
Subject: nsenter / switch_root: fix insecure chroot [coverity scan]
X-Git-Tag: v2.37-rc1~414
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=12558a4c47d31938075713c5586cff80eea03569;p=thirdparty%2Futil-linux.git

nsenter / switch_root: fix insecure chroot [coverity scan]

If a call to chroot is not followed by a call to chdir("/") the chroot jail confinement can be violated. See also CWE-243.

CID: 360718
CID: 360800
Reference: http://cwe.mitre.org/data/definitions/243.html
Signed-off-by: Sami Kerola
---
diff --git a/sys-utils/nsenter.c b/sys-utils/nsenter.c
index 4432cd3675..8eac7800b0 100644
--- a/sys-utils/nsenter.c
+++ b/sys-utils/nsenter.c
@@ -457,6 +457,8 @@ int main(int argc, char *argv[])
 if (chroot(".") < 0)
 err(EXIT_FAILURE, _("chroot failed"));
+ if (chdir("/"))
+ err(EXIT_FAILURE, _("cannot change directory to %s"), "/");
 close(root_fd);
 root_fd = -1;
diff --git a/sys-utils/switch_root.c b/sys-utils/switch_root.c
index a42bceca31..a21f298dcf 100644
--- a/sys-utils/switch_root.c
+++ b/sys-utils/switch_root.c
@@ -180,6 +180,12 @@ static int switchroot(const char *newroot)
 return -1;
 }
+ if (chdir("/")) {
+ close(cfd);
+ warn(_("cannot change directory to %s"), "/");
+ return -1;
+ }
+
 pid = fork();
 if (pid <= 0) {
 struct statfs stfs;
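Review bot: The added `chdir("/")` in nsenter.c has no comment, and because it directly follows `chroot(".")` the working directory is already the new root at that point, so a later reader may take the call for dead code and remove it. A short comment would keep it in place, for example `/* CWE-243: leave cwd inside the new root after chroot() */`. The neighbouring check is written `chroot(".") < 0` while the new one is `if (chdir("/"))`; `if (chdir("/") < 0)` would match it. main continues outside this hunk, so whether a later step changes the working directory again (for instance from a saved directory descriptor) cannot be judged from here, and that is what decides whether the process actually ends up inside the new root.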
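Review bot: In the block added to switchroot(), `close(cfd)` runs before `warn()`, and warn() formats its message from errno, so a failing close() would replace the chdir() error with its own. Reporting first keeps the diagnostic accurate: `warn(_("cannot change directory to %s"), "/");` followed by `close(cfd);`. Only the tail of the preceding error branch (`return -1; }`) is visible here, so if that branch uses the same close-then-warn order it has the same weakness. The function starts and ends outside the hunk.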