
bug#18062: [PATCH] chroot: always change to / if not changing credentials


From: Bernhard Voelker
Subject: bug#18062: [PATCH] chroot: always change to / if not changing credentials
Date: Sun, 20 Jul 2014 16:36:29 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 07/20/2014 02:05 PM, Andreas Schwab wrote:
> diff --git a/src/chroot.c b/src/chroot.c
> index 6c2d63f..079759f 100644
> --- a/src/chroot.c
> +++ b/src/chroot.c
> @@ -269,9 +269,10 @@ main (int argc, char **argv)
>        usage (EXIT_CANCELED);
>      }
>  
> -  /* Only do chroot specific actions if actually changing root.
> -     The main difference here is that we don't change working dir.  */
> -  if (! is_root (argv[optind]))
> +  /* Only do chroot specific actions if actually changing root or if not
> +     changing credentials.  The main difference here is that we don't
> +     change working dir.  */
> +  if (! is_root (argv[optind]) || !(userspec || groups))
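
Review bot: The widened condition on the changed `if` line, `! is_root (argv[optind]) || !(userspec || groups)`, sends a plain `chroot / cmd` through all of the "chroot specific actions" the comment refers to, while the subject line asks only for changing to / in that case. If the directory change is the whole goal, consider leaving the original condition on the root-changing actions and gating only the chdir on `! (userspec || groups)`. The rewritten comment's last sentence, "The main difference here is that we don't change working dir", also no longer says which case skips the chdir, and `!(userspec || groups)` should be written `! (userspec || groups)` to match the `! is_root (...)` spacing on the same line.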

This effectively reverts the idea behind v8.22-94-g99960ee:

    chroot: don't chdir() if not changing root

    This allows chroot to be used as a light weight tool
    to change user identification for a command,
    while not changing the current working directory.
    It also makes `chroot / true` consistently succeed on
    all platforms for non root users.

Now, with the patch:

  $ src/chroot / true
  src/chroot: cannot change root directory to /: Operation not permitted

... and some tests fail, too.

Why do you think the change is needed?
Is it about chroot(2) or chdir("/") being skipped?

Thanks & have a nice day,
Berny
