[syslog-ng] security patch for --chroot feature
Tommi Virtanen
tv@havoc.fi
Wed, 23 Oct 2002 08:18:15 +0300
On Sun, Oct 13, 2002 at 03:57:59PM -0700, Scott Weikart wrote:
> I'm not sure whether this is true for other kernels, and I'm not
> sure whether other kernels require the process to be root before
> a chroot can succeed. So, my uid check may need to be ported.
Only root can chroot, that's common.
> --- main.c~ Wed Sep 4 07:52:25 2002
> +++ main.c Sun Oct 13 15:37:46 2002
> @@ -481,6 +481,15 @@
> return 2;
> }
> if (chroot_dir) {
> + if (!uid) {
> + werror("-C can be defeated without -u, exitting.\n");
> + return 3;
> + }
> +
> + if (chdir(chroot_dir) < 0) {
> + werror("Error chdiring, exiting.\n");
> + return 3;
> + }
> if (chroot(chroot_dir) < 0) {
> werror("Error chrooting, exiting.\n");
> return 3;
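Review bot: The added chdir(chroot_dir) and the existing chroot(chroot_dir) each resolve the path on their own, so the working directory and the new root are the same directory only if nothing changes between the two calls; after a successful chdir, chroot(".") would use the directory already entered. In the `if (!uid)` block, the test as shown only establishes that a value was supplied for -u; if uid holds the -u argument rather than a resolved numeric id, a root account name would pass it, so the check is better made against the resolved uid. The new message there spells "exitting" where the neighbouring messages use "exiting", and none of the messages reports the directory or errno that failed.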
If you chdir there, you can just chroot(".").
--
:(){ :|:&};:
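
The sequence discussed in this thread (refuse to stay root, chdir, chroot("."), then drop privileges), as an added example in C that is not part of the original message or of syslog-ng. enter_jail() and its JAIL_* return codes are hypothetical names chosen for illustration.

```c
/* Added example, not syslog-ng code; enter_jail() and JAIL_* are hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE           /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum { JAIL_OK = 0, JAIL_REFUSED = -1, JAIL_CHDIR = -2, JAIL_CHROOT = -3, JAIL_DROP = -4 };

/* Confine the process to dir, then give up root permanently. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* A process that stays root can leave a chroot, so refuse before changing anything. */
    if (dir == NULL || uid == 0)
        return JAIL_REFUSED;

    /* Resolve the path once; chroot(".") then pins the root to the cwd. */
    if (chdir(dir) < 0)
        return JAIL_CHDIR;
    if (chroot(".") < 0)
        return JAIL_CHROOT;

    /* Order matters: supplementary groups and gid first, uid last. */
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return JAIL_DROP;

    /* Confirm the drop cannot be undone. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid)
        return JAIL_DROP;
    return JAIL_OK;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s DIR UID GID\n", argv[0]);
        return 2;
    }
    int rc = enter_jail(argv[1], (uid_t)strtoul(argv[2], NULL, 10), (gid_t)strtoul(argv[3], NULL, 10));
    if (rc != JAIL_OK) {
        fprintf(stderr, "enter_jail failed: %d\n", rc);
        return 3;
    }
    printf("jailed as uid %d\n", (int)getuid());
    return 0;
}
```

The refusal and chdir-failure paths return before any process state is changed; the full sequence needs to start as root, since only root can chroot.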