New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PATCH] Coverity: perlfunc: recommend chdir("/') after chroot #13772
Comments
From @jhiIt is good security practice to chdir to root after chroot (just google Attached. |
From @jhi0001-Inspired-by-Coverity-perl5-CID-28931.patchFrom 4d9c3d74cb366055e77acee119c713de4d2e0aeb Mon Sep 17 00:00:00 2001
From: Jarkko Hietaniemi <jhi@iki.fi>
Date: Thu, 24 Apr 2014 18:16:30 -0400
Subject: [PATCH] Inspired by Coverity perl5 CID 28931: Insecure chroot:
(CHROOT) chroot_call: Calling chroot() ... without calling chdir("/")
immediately after.
The Perl chroot() is a thin wrapper around the system call, so the
chdir("/") should not go there. But adding a note about the chdir()
being a good idea to perlfunc/chroot.
---
pod/perlfunc.pod | 3 +++
1 file changed, 3 insertions(+)
diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod
index 9a5ee74..3883a94 100644
--- a/pod/perlfunc.pod
+++ b/pod/perlfunc.pod
@@ -1012,6 +1012,9 @@ change your current working directory, which is unaffected.) For security
reasons, this call is restricted to the superuser. If FILENAME is
omitted, does a C<chroot> to C<$_>.
+B<NOTE:> It is good security practice to immediately after C<chroot()>
+to do C<chdir("/")> (to the root directory).
+
Portability issues: L<perlport/chroot>.
=item close FILEHANDLE
--
1.9.2
|
From @rjbsfine with me for 5.20 |
The RT System itself - Status changed from 'new' to 'open' |
From @jhiOn Saturday-201405-17, 12:14, James E Keenan via RT wrote:
I pushed now *something* to blead... I'm still figuring out this
|
From @jhiOn Saturday-201405-17, 14:40, Jarkko Hietaniemi wrote:
Aaaaargh... looks like I pushed something else, too, unintentionally, |
From @khwilliamsonOn 05/17/2014 12:40 PM, Jarkko Hietaniemi wrote:
In the meantime I've been working on pushing that patch. The commit msg |
From @jhiOn Saturday-201405-17, 14:54, karl williamson via RT wrote:
Well, now you can pull blead, and exercise your native English-speaker |
From @rjbs* Jarkko Hietaniemi <jhi@iki.fi> [2014-05-17T14:51:40]
a54d950 is a complete mess. This should never have happened. I am *really really* tempted to move blead backward, but probably we won't. This is the time when anybody objects to me doing it, while I go back to this -- |
From @jhiOn Saturday-201405-17, 15:20, Ricardo Signes via RT wrote:
Sorry about that. Please undo my mess if possible / necessary. I think I sort of know what happened, I basically did a merge commit |
From @bulk88On Sat May 17 12:20:54 2014, perl.p5p@rjbs.manxome.org wrote:
Not sure if my opinion matters, but I always support "force" git resets to fix bad git histories. In this case the lack of rebasing makes the git timeline look insane. See attached pic. -- |
From @bulk88 |
From @jkeenanOn Sat May 17 12:20:54 2014, perl.p5p@rjbs.manxome.org wrote:
Net changes, as shown by 'git diff 54ff0ea:', appear reasonable. But I guess that would complicate 'git blame' and make blead differ from RC1, correct? Thank you very much. |
From @tonycozOn Sat Apr 26 12:03:17 2014, jhi wrote:
A patch for the same purpose was applied as b00d10d, so closing this ticket. Tony |
@tonycoz - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#121740 (status was 'resolved')
Searchable as RT121740$
The text was updated successfully, but these errors were encountered: