[pacman-dev] [PATCH] change the cwd from / to config->root while running scriplets
Aurelien Foret
aurelien at archlinux.org
Thu Jan 26 15:04:44 EST 2006
VMiklos wrote:
> pls read the manpage of chroot(2):
> "This call does not change the current working directory, so that
> after the call `.' can be outside the
> tree rooted at `/'. In particular, the superuser can escape
> from a `chroot jail' by doing `mkdir foo;
> chroot foo; cd ..'."
I made a few attempts to reproduce the issue, but without success.
I understand the reason of the fix, but wouldn't it be better to change
the working directory within the child process, right after the call to
chroot, instead of changing to the "root" directory from the father process?
Something like:
if(pid == 0) {
if(chroot(root) == -1) { ... }
if(chdir("/") == -1) { ... }
...
}
I've got the feeling it is safer to have the father staying at "/" while
operations from the install scripts are performed.
FYI, I had a look at the implementation of the chroot binary, and it is
coded as described above...
--
Aurelien
More information about the pacman-dev
mailing list