Message-ID: <4921EAFD.6060108@op5.se>
Date: Mon, 17 Nov 2008 23:06:53 +0100
From: Andreas Ericsson <ae@....se>
To: oss-security@...ts.openwall.com
CC: coley@...re.org
Subject: Re: CVE Request (syslog-ng)

Steven M. Christey wrote:
> On Mon, 17 Nov 2008, Josh Bressers wrote:
>
>> syslog-ng doesn't call chdir() before calling chroot().
>
> This falls under the notion of "protection mechanism works less securely
> than advertised" so is a clear case for inclusion in CVE. Use
> CVE-2008-5110.
>
> Also - is the chdir supposed to come BEFORE or AFTER? The CERT secure
> coding rules here:
>
> https://www.securecoding.cert.org/confluence/display/cplusplus/FIO16-CPP.+Limit+access+to+files+by+creating+a+jail
>
> suggest it might be safer AFTER, not before, due to some race condition
> possibilities.
>

The correct sequence is:
chdir(jail_path);
chroot(".");

The chroot() call will fail if the directory no longer exists, but
is otherwise safe from "racy jail" attacks. Paranoid programs only
accept absolute non-symlink paths to the jail and issue getcwd()
after having entered it to make sure they ended up in the proper
directory.

--
Andreas Ericsson                   andreas.ericsson@....se
OP5 AB                             www.op5.se
Tel: +46 8-230225                  Fax: +46 8-230231
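
Added example, not part of the original message and not syslog-ng's code: the chdir()/chroot(".") sequence with the "paranoid" path and getcwd() checks the reply describes. The helper names jail_path_ok() and enter_jail() are hypothetical, and the code assumes the caller passes a canonical path (no "..", "//" or trailing slash) so it can be compared with getcwd() output.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes chroot() and lstat() on glibc */
#endif
#include <errno.h>
#include <limits.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: accept only an absolute path whose final
 * component is a real directory, not a symlink. Returns 0 or -1. */
int jail_path_ok(const char *path)
{
    struct stat st;

    if (path == NULL || path[0] != '/') { errno = EINVAL; return -1; }
    if (lstat(path, &st) != 0) return -1;          /* errno set by lstat */
    if (S_ISLNK(st.st_mode)) { errno = ELOOP; return -1; }
    if (!S_ISDIR(st.st_mode)) { errno = ENOTDIR; return -1; }
    return 0;
}

/* Hypothetical helper: enter the jail with chdir() then chroot(".").
 * Assumes jail_path is canonical (no "..", "//" or trailing slash), so
 * it can be compared with getcwd() output. Any -1 should be fatal to
 * the caller: the working directory may already have changed. */
int enter_jail(const char *jail_path)
{
    char cwd[PATH_MAX];

    if (jail_path_ok(jail_path) != 0) return -1;
    if (chdir(jail_path) != 0) return -1;

    /* lstat() only saw the last component; getcwd() shows where we
     * really are, exposing symlinked parents or a symlink swapped in
     * after the lstat(). */
    if (getcwd(cwd, sizeof cwd) == NULL) return -1;
    if (strcmp(cwd, jail_path) != 0) { errno = ELOOP; return -1; }

    /* chroot() the directory we are standing in, not a path that
     * would be resolved a second time. Needs root/CAP_SYS_CHROOT. */
    if (chroot(".") != 0) return -1;

    /* Inside the jail the working directory must now be its root. */
    if (getcwd(cwd, sizeof cwd) == NULL) return -1;
    if (strcmp(cwd, "/") != 0) { errno = EPERM; return -1; }
    return 0;
}
```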