From 083c4ead193d5e1cf799cd524fc72a4d31e71a77 Mon Sep 17 00:00:00 2001
From: "Andrew G. Morgan" <morgan@kernel.org>
Date: Sun, 24 Jul 2011 19:17:25 -0700
Subject: Change directory to "/" after --chroot operation.

Thanks to Steve Grubb for suggesting this. He wrote:
=========
I was reviewing something recently and discovered a problem in capsh. The capsh
program has a --chroot command line option. Inspecting the code shows that it does not
do a chdir("/") after calling chroot. This means that '.' is outside the chroot.

Additional info:
http://cwe.mitre.org/data/definitions/243.html
=========

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
---
 libcap/cap_proc.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'libcap')

diff --git a/libcap/cap_proc.c b/libcap/cap_proc.c
index 6040c02..8ecb57a 100644
--- a/libcap/cap_proc.c
+++ b/libcap/cap_proc.c
@@ -4,6 +4,8 @@
  * This file deals with getting and setting capabilities on processes.
  */
 
+#include <sys/prctl.h>
+
 #include "libcap.h"
 
 cap_t cap_get_proc(void)
-- 
cgit v1.2.3