From 133906f560762d68bc2c8eb677584dcd4ccae8f2 Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Mon, 3 Jun 2013 22:09:31 -0600
Subject: [PATCH] Bug 2066: squid does not do chdir() after chroot()

The earlier workaround applied only fixed 1 of the 3 places performing
chroot().
 This makes chroot and chdir integral parts of setting up Squids running
directory and alters teh chroot() calls to be mainSetCwnd() calls. Which
fixes several potential problems with core dumps from squid -z or -k
executions ending up in unexpected locations, regardless of whether
chroot() and coredump_dir are configured.

 Detected by Coverity Scan. Issue 740335.
---
 src/main.cc | 44 +++++++++++++++++++++++---------------------
 1 file changed, 23 insertions(+), 21 deletions(-)

diff --git a/src/main.cc b/src/main.cc
index 3f04daa5cf..7e2ae37989 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -951,20 +951,31 @@ setEffectiveUser(void)
     }
 }
 
+/// set the working directory.
 static void
 mainSetCwd(void)
 {
     char pathbuf[MAXPATHLEN];
+    static bool chrooted = false;
 
-    if (Config.coredump_dir) {
-        if (0 == strcmp("none", Config.coredump_dir)) {
-            (void) 0;
-        } else if (chdir(Config.coredump_dir) == 0) {
-            debugs(0, DBG_IMPORTANT, "Set Current Directory to " << Config.coredump_dir);
-            return;
-        } else {
-            debugs(50, DBG_CRITICAL, "chdir: " << Config.coredump_dir << ": " << xstrerror());
-        }
+    if (Config.chroot_dir && !chrooted) {
+        chrooted = true;
+
+        if (chroot(Config.chroot_dir) != 0);
+            fatal("failed to chroot");
+
+        strncpy(pathbuf, "/", sizeof(pathbuf)-1);
+    }
+
+    if (Config.coredump_dir && strcmp("none", Config.coredump_dir) == 0) {
+        strncpy(pathbuf, Config.coredump_dir, sizeof(pathbuf)-1);
+    }
+
+    if (chdir(pathbuf) == 0) {
+        debugs(0, DBG_IMPORTANT, "Set Current Directory to " << Config.coredump_dir);
+        return;
+    } else {
+        debugs(50, DBG_CRITICAL, "chdir: " << pathbuf << ": " << xstrerror());
     }
 
     /* If we don't have coredump_dir or couldn't cd there, report current dir */
@@ -979,10 +990,7 @@ static void
 mainInitialize(void)
 {
     /* chroot if configured to run inside chroot */
-
-    if (Config.chroot_dir && (chroot(Config.chroot_dir) != 0 || chdir("/") != 0)) {
-        fatal("failed to chroot");
-    }
+    mainSetCwd();
 
     if (opt_catch_signals) {
         squid_signal(SIGSEGV, death, SA_NODEFER | SA_RESETHAND);
@@ -1425,11 +1433,8 @@ SquidMain(int argc, char **argv)
     /* send signal to running copy and exit */
     if (opt_send_signal != -1) {
         /* chroot if configured to run inside chroot */
-
+        mainSetCwd();
         if (Config.chroot_dir) {
-            if (chroot(Config.chroot_dir))
-                fatal("failed to chroot");
-
             no_suid();
         } else {
             leave_suid();
@@ -1451,10 +1456,7 @@ SquidMain(int argc, char **argv)
 
     if (opt_create_swap_dirs) {
         /* chroot if configured to run inside chroot */
-
-        if (Config.chroot_dir && chroot(Config.chroot_dir)) {
-            fatal("failed to chroot");
-        }
+        mainSetCwd();
 
         setEffectiveUser();
         debugs(0, DBG_CRITICAL, "Creating missing swap directories");
-- 
2.47.2