diff options
| author | Andrew G. Morgan <morgan@kernel.org> | 2011-07-24 19:17:25 -0700 |
|---|---|---|
| committer | Jorge Lucangeli Obes <jorgelo@google.com> | 2015-09-03 14:13:03 -0700 |
| commit | 083c4ead193d5e1cf799cd524fc72a4d31e71a77 (patch) | |
| tree | 8c11ec9f583b41f39648a0b0bf92d04797fdf8e9 /libcap | |
| parent | 50b0098705cc64f607ad426f3623d81ead17128d (diff) | |
| download | libcap-083c4ead193d5e1cf799cd524fc72a4d31e71a77.tar.gz | |
Change directory to "/" after --chroot operation.
Thanks to Steve Grubb for suggesting this. He wrote:
=========
I was reviewing something recently and discovered a problem in capsh. The capsh
program has a --chroot command line option. Inspecting the code shows that it does not
do a chdir("/") after calling chroot. This means that '.' is outside the chroot.
Additional info:
http://cwe.mitre.org/data/definitions/243.html
=========
Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
Diffstat (limited to 'libcap')
| -rw-r--r-- | libcap/cap_proc.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libcap/cap_proc.c b/libcap/cap_proc.c index 6040c02..8ecb57a 100644 --- a/libcap/cap_proc.c +++ b/libcap/cap_proc.c @@ -4,6 +4,8 @@ * This file deals with getting and setting capabilities on processes. */ +#include <sys/prctl.h> + #include "libcap.h" cap_t cap_get_proc(void) |