...
Another essential step is to drop superuser privileges permanently after these calls . (See see POS02-C. Follow the principle of least privilege). ) The chroot() system call is not secure against the superuser changing the current root directory (if privileges are not dropped). Successful jail creation prevents unintentional file system access even if an attacker gives malicious input, such as through command-line arguments.
...
Failing to follow this recommendation may lead to full-system compromise if a file system vulnerability is discovered and exploited.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
POS05-C |
Medium |
Probable |
High | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| BADFUNC.CHROOT MISC.CHROOT.NOCHDIR | Use of chroot | ||||||
| Polyspace Bug Finder |
| CERT C: Rec. POS05-C | Checks for file manipulation after chroot() without chdir("/") (rec. fully covered) |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
Bibliography
...
...