[PATCH] Coverity: perlfunc: recommend chdir("/') after chroot #13772
Comments
From @jhiIt is good security practice to chdir to root after chroot (just google Attached. |
From @jhi0001-Inspired-by-Coverity-perl5-CID-28931.patchFrom 4d9c3d74cb366055e77acee119c713de4d2e0aeb Mon Sep 17 00:00:00 2001
From: Jarkko Hietaniemi <jhi@iki.fi>
Date: Thu, 24 Apr 2014 18:16:30 -0400
Subject: [PATCH] Inspired by Coverity perl5 CID 28931: Insecure chroot:
(CHROOT) chroot_call: Calling chroot() ... without calling chdir("/")
immediately after.
The Perl chroot() is a thin wrapper around the system call, so the
chdir("/") should not go there. But adding a note about the chdir()
being a good idea to perlfunc/chroot.
---
pod/perlfunc.pod | 3 +++
1 file changed, 3 insertions(+)
diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod
index 9a5ee74..3883a94 100644
--- a/pod/perlfunc.pod
+++ b/pod/perlfunc.pod
@@ -1012,6 +1012,9 @@ change your current working directory, which is unaffected.) For security
reasons, this call is restricted to the superuser. If FILENAME is
omitted, does a C<chroot> to C<$_>.
+B<NOTE:> It is good security practice to immediately after C<chroot()>
+to do C<chdir("/")> (to the root directory).
+
Portability issues: L<perlport/chroot>.
=item close FILEHANDLE
--
1.9.2
|
From @rjbsfine with me for 5.20 |
|
The RT System itself - Status changed from 'new' to 'open' |
From @jhiOn Saturday-201405-17, 12:14, James E Keenan via RT wrote:
I pushed now *something* to blead... I'm still figuring out this
|
From @jhiOn Saturday-201405-17, 14:40, Jarkko Hietaniemi wrote:
Aaaaargh... looks like I pushed something else, too, unintentionally, |
From @khwilliamsonOn 05/17/2014 12:40 PM, Jarkko Hietaniemi wrote:
In the meantime I've been working on pushing that patch. The commit msg |
From @jhiOn Saturday-201405-17, 14:54, karl williamson via RT wrote:
Well, now you can pull blead, and exercise your native English-speaker |
From @rjbs* Jarkko Hietaniemi <jhi@iki.fi> [2014-05-17T14:51:40]
a54d950 is a complete mess. This should never have happened. I am *really really* tempted to move blead backward, but probably we won't. This is the time when anybody objects to me doing it, while I go back to this -- |
From @jhiOn Saturday-201405-17, 15:20, Ricardo Signes via RT wrote:
Sorry about that. Please undo my mess if possible / necessary. I think I sort of know what happened, I basically did a merge commit |
From @bulk88On Sat May 17 12:20:54 2014, perl.p5p@rjbs.manxome.org wrote:
Not sure if my opinion matters, but I always support "force" git resets to fix bad git histories. In this case the lack of rebasing makes the git timeline look insane. See attached pic. -- |
From @bulk88 |
From @jkeenanOn Sat May 17 12:20:54 2014, perl.p5p@rjbs.manxome.org wrote:
Net changes, as shown by 'git diff 54ff0ea:', appear reasonable. But I guess that would complicate 'git blame' and make blead differ from RC1, correct? Thank you very much. |
From @tonycozOn Sat Apr 26 12:03:17 2014, jhi wrote:
A patch for the same purpose was applied as b00d10d, so closing this ticket. Tony |
|
@tonycoz - Status changed from 'open' to 'resolved' |
Migrated from rt.perl.org#121740 (status was 'resolved')
Searchable as RT121740$
The text was updated successfully, but these errors were encountered: