mingetty (1.08-2) 597382-chroot.patch

Summary

 mingetty.c |   20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

    
download this patch

Patch contents

Description: Fix unsave chroot call.
 Check chdir() on chroot() syscalls (and similar) as chroot without proper
 chdir() allows to escape from changed root.
Author: Vasiliy Kulikov <segooon@gmail.com>
Origin: other, http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=diff;att=1;bug=597382
Bug-Debian: http://bugs.debian.org/597382
Reviewed-By: Paul Martin <pm@debian.org>
Last-Update: 2010-09-25

Index: mingetty-1.08/mingetty.c
===================================================================
--- mingetty-1.08.orig/mingetty.c	2012-05-01 12:34:56.088097009 +0100
+++ mingetty-1.08/mingetty.c	2012-05-01 12:35:10.208355774 +0100
@@ -438,12 +438,20 @@
 		while ((logname = get_logname ()) == 0)
 			/* do nothing */ ;
 
-	if (ch_root)
-		chroot (ch_root);
-	if (ch_dir)
-		chdir (ch_dir);
-	if (priority)
-		nice (priority);
+	if (ch_root) {
+		if (chroot (ch_root))
+			error ("chroot(): %s", strerror (errno));
+		if (chdir("/"))
+			error ("chdir(\"/\"): %s", strerror (errno));
+	}
+	if (ch_dir) {
+		if (chdir (ch_dir))
+			error ("chdir(): %s", strerror (errno));
+	}
+	if (priority) {
+		if (nice (priority))
+			error ("nice(): %s", strerror (errno));
+	}
 
 	execl (loginprog, loginprog, autologin? "-f" : "--", logname, NULL);
 	error ("%s: can't exec %s: %s", tty, loginprog, strerror (errno));