Tuesday 9 September 2014

Code analysis - LEAST PRIVILEGE VIOLATION

...
chroot("/home/user1/testapp");   /* needs root; the process stays root afterwards */
chdir("/");
perform_some_operations;         /* still running as uid 0 */
...

Program description:

The developer wants to restrict the application to a particular directory (the application's home directory). To do this he uses the chroot() system call, which requires root privilege (on Linux, the CAP_SYS_CHROOT capability). The application thus makes that directory its root, so that nothing it does afterwards can reach files outside of it by path. He then changes the current directory to the new root (chdir("/"); without this the old working directory still points outside the jail and "../.." walks out of it) and performs the application's operations.

Problem:
The program runs with root privilege in order to call chroot(), but it never gives that privilege up afterwards. Everything after the chroot() therefore still runs as root: every file it touches inside the jail is accessed as root, and the jail itself is no real barrier, because a root process can mkdir() a subdirectory, chroot() into it and chdir("..") back past the original root, or use mknod() to reach the host's block devices. An attacker who compromises the application (for example through a bug in perform_some_operations) gets root, not a confined user, and can do whatever he wants.

Solution:
...
if (chroot("/home/user1/testapp") != 0) { perror("chroot"); exit(1); }
/* drop root for good: from uid 0, setuid() sets real, effective and saved uid;
   the return value must be checked, otherwise a failure leaves us running as root */
if (setuid(100) != 0) { perror("setuid"); exit(1); }
if (chdir("/") != 0) { perror("chdir"); exit(1); }
...

Setting the UID to a non-zero value drops root: when the caller is root, setuid() sets the real, effective and saved user IDs at once, so the process cannot later regain uid 0, and the potential for damage is substantially reduced. Two details matter in practice. First, check the return value of setuid(): if it fails, the program silently carries on as root, which is the original bug again. Second, drop supplementary groups and the group ID (setgroups(), setgid()) before setuid(), because those calls also need root and fail with EPERM once the uid is unprivileged. The uid should be that of a dedicated unprivileged account rather than an arbitrary number such as 100.
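The complete sequence as a practitioner would write it, as an added example for this post and not the original program: chroot(), chdir("/"), then groups, gid and uid dropped in that order with every return value checked, followed by a self-check that root really cannot be regained. The jail directory, the uid 65534 and the gid 65534 ("nobody" on many systems) are assumptions; run it as root to see the drop succeed, as an ordinary user to see chroot() refused.

```c
/* Added example: chroot() jail followed by an irreversible privilege drop.
 * Illustrative code written for this post; directory, uid and gid are assumed.
 * Build: cc -Wall -o jail jail.c   Run: sudo ./jail /home/user1/testapp */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter the jail at `dir` and drop to uid/gid. Returns 0 on success, -1 with
 * errno set on failure. The caller must exit on -1: continuing with root
 * privileges is exactly the bug this post is about. */
int jail_and_drop(const char *dir, uid_t uid, gid_t gid)
{
    /* A "drop" to uid 0 or gid 0 is not a drop: reject it before touching anything. */
    if (dir == NULL || uid == 0 || gid == 0) {
        errno = EINVAL;
        return -1;
    }
    /* chroot() needs CAP_SYS_CHROOT (root). */
    if (chroot(dir) != 0)
        return -1;
    /* Without chdir("/") the cwd is still outside the new root and
     * "../.." escapes the jail. */
    if (chdir("/") != 0)
        return -1;
    /* Groups first: once the uid is non-zero, setgroups()/setgid() fail with EPERM. */
    if (setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0)
        return -1;
    /* From root, setuid() sets real, effective and saved uid, so this cannot be undone. */
    if (setuid(uid) != 0)
        return -1;
    return 0;
}

/* Verify the drop actually happened: real and effective uid equal `uid` and
 * an attempt to become root again fails with EPERM (it would succeed if the
 * saved uid were still 0). Returns 1 if dropped, 0 otherwise. */
int privileges_dropped(uid_t uid)
{
    if (getuid() != uid || geteuid() != uid)
        return 0;
    if (setuid(0) == 0)          /* must be impossible after a real drop */
        return 0;
    return errno == EPERM;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/home/user1/testapp";  /* assumed path */
    uid_t uid = 65534;           /* assumed unprivileged account ("nobody") */
    gid_t gid = 65534;

    if (jail_and_drop(dir, uid, gid) != 0) {
        fprintf(stderr, "jail_and_drop(%s): %s\n", dir, strerror(errno));
        return 1;                /* never carry on as root */
    }
    if (!privileges_dropped(uid)) {
        fprintf(stderr, "privilege drop could not be verified\n");
        return 1;
    }
    printf("jailed in %s as uid %u; root cannot be regained\n", dir, (unsigned)getuid());
    /* perform_some_operations() would run here: jailed and unprivileged */
    return 0;
}
```

The input check at the top is deliberate: a configuration error that sets the target uid to 0 would otherwise "succeed" and leave the process as root, which is the same violation as forgetting setuid() altogether.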