Hu Moderator
Joined: 06 Mar 2007 Posts: 21518
Posted: Sun Dec 02, 2012 6:10 pm Post subject: Re: Is Chroot_safe safe?

faemin wrote:
    I have taken a look at the code and can't quite figure out how it works, even though there is hardly anything to it.

The code looks a little strange (see below), but I see no obvious problems with it.

faemin wrote:
c++:
    static void failure(char *msg) {

This is not const-correct.

faemin wrote:
c++:
    char *error = strerror(errno);
    write(2, msg, strlen(msg));
    if (errno != 0) {

The value of errno may change across the call to write.

faemin wrote:
c++:
    write(2, ": ", 2);
    write(2, error, strlen(error));
    }
    write(2, "\n", 1);

This could be simplified via use of writev.

faemin wrote:
c++:
    struct passwd *pwd = getpwnam(user);
    if (pwd == NULL)
    struct passwd *pwd = getpwnam(user);
    if (pwd == NULL)
    failure("User not found in /etc/passwd");

This is wrong. The second getpwnam uses the same key as the first, and saves its result into an inner scope.

faemin wrote:
    An instance is created, and the default constructor is being called, it is chdir to the directory, setuid and gid, and then it calls chroot without executing a command... then the shell script exec forks the process?

No. The shell script runs first, then this constructor runs in the context of the loaded program, so that it is made to call those functions before its main begins to execute.
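
The three review points on failure() in the post above (const-correctness, errno changing across write, and writev) combined in one sketch. This is an added example, not code from chroot_safe or from either poster; the names build_failure_iov and report_failure are hypothetical, and whatever the original function does after printing is not shown in the thread and is left out.

```c
#include <errno.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

/* Fill iov (room for 4 entries) with "msg[: strerror]\n"; returns entry count.
 * iov_base is a plain void *, so the const is cast away; writev only reads. */
static int build_failure_iov(struct iovec *iov, const char *msg, int saved_errno)
{
    int n = 0;
    iov[n].iov_base = (void *)msg;
    iov[n].iov_len = strlen(msg);
    n++;
    if (saved_errno != 0) {
        const char *error = strerror(saved_errno);
        iov[n].iov_base = (void *)": ";
        iov[n].iov_len = 2;
        n++;
        iov[n].iov_base = (void *)error;
        iov[n].iov_len = strlen(error);
        n++;
    }
    iov[n].iov_base = (void *)"\n";
    iov[n].iov_len = 1;
    n++;
    return n;
}

/* const-correct, errno captured once on entry, one writev instead of four
 * write calls. Returns the byte count from writev, or -1 on error. */
static ssize_t report_failure(int fd, const char *msg)
{
    const int saved_errno = errno; /* before any call that may modify it */
    struct iovec iov[4];
    int n = build_failure_iov(iov, msg, saved_errno);
    return writev(fd, iov, n);
}

int main(void)
{
    errno = ENOENT; /* constructed failure state for the demonstration */
    report_failure(STDERR_FILENO, "chroot failed (constructed message)");
    return 0;
}
```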