[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slapd + chroot issue (ITS#810)
I've committed a suitable change to HEAD and OPENLDAP_REL_ENG_2.
Please test.
At 05:27 PM 10/9/00 +0000, jhuuskon@messi.uku.fi wrote:
>Full_Name: Jarno Huuskonen
>Version: 2.0.6
>OS: Linux-2.2.17
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (193.167.224.11)
>
>
>When slapd calls chroot to change the root directory it doesn't call
>chdir("/") to change the working directory into this new root dir. (To the best
>of my knowledge(from Secure Unix programming FAQ) chroot+chdir is the "correct"
>
>way to use chroot).
>
>Here's a quick patch:
>--- openldap-2.0.6/servers/slapd/main.c-orig Mon Oct 9 20:07:27 2000
>+++ openldap-2.0.6/servers/slapd/main.c Mon Oct 9 20:10:11 2000
>@@ -301,7 +301,7 @@
> }
>
> #if defined(HAVE_CHROOT)
>- if ( sandbox && chroot( sandbox ) ) {
>+ if ( sandbox && chroot( sandbox ) && chdir( "/" ) ) {
> perror("chroot");
> rc = 1;
> goto stop;
>
>
>-Jarno