[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd + chroot issue (ITS#810)



I've committed a suitable change to HEAD and OPENLDAP_REL_ENG_2.
Please test.

At 05:27 PM 10/9/00 +0000, jhuuskon@messi.uku.fi wrote:
>Full_Name: Jarno Huuskonen
>Version: 2.0.6
>OS: Linux-2.2.17
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (193.167.224.11)
>
>
>When slapd calls chroot to change the root directory it doesn't call
>chdir("/") to change the working directory into this new root dir. (To the best
>of my knowledge(from Secure Unix programming FAQ) chroot+chdir is the "correct"
>
>way to use chroot).
>
>Here's a quick patch:
>--- openldap-2.0.6/servers/slapd/main.c-orig    Mon Oct  9 20:07:27 2000
>+++ openldap-2.0.6/servers/slapd/main.c Mon Oct  9 20:10:11 2000
>@@ -301,7 +301,7 @@
>        }
> 
> #if defined(HAVE_CHROOT)
>-       if ( sandbox && chroot( sandbox ) ) {
>+       if ( sandbox && chroot( sandbox ) && chdir( "/" ) ) {
>                perror("chroot");
>                rc = 1;
>                goto stop;
>
>
>-Jarno