Open Bug 1433288 Opened 6 years ago Updated 2 years ago

Coverity is concerned about what we're doing between chroot() and chdir("/")

Categories

(Core :: Security: Process Sandboxing, enhancement, P2)

Unspecified
Linux
enhancement

People

(Reporter: jld, Assigned: jld)

References

(Blocks 1 open bug)

Details

(Whiteboard: [CID 1428586])

Coverity has an analysis that checks for function calls that occur after a chroot() and not after a subsequent chdir("/"), at which times the current working directory is probably outside the root directory and it's possible to use relative paths to access files that can't be accessed with absolute paths and presumably aren't meant to be accessible.

This analysis has raised some issues about the chroot code added in bug 1401062.  One of these is a false positive — the first assertion's call to MOZ_ReportAssertionFailure is conditional on the chroot() failing — but there are other calls that do happen during this window.

None of this is harmful (we're not handling untrusted input, and none of this should use filesystem paths anyway), but it would be possible to rearrange things into the form Coverity expects.
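Added illustration of the pattern the checker wants (not Firefox code, not the code from bug 1401062): a hypothetical `enter_chroot()` that issues chroot() and chdir("/") back to back, beside a hypothetical `enter_chroot_logged()` that has a diagnostic call inside the window and so would be reported. Both return -1 with errno set when either syscall fails, so the caller can abort rather than carry on with a working directory outside the new root.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: the shape Coverity's chroot/chdir analysis accepts.
 * Nothing runs between chroot() and chdir("/"), so there is no window in
 * which the cwd is still outside the new root and a relative path such as
 * "etc/passwd" could resolve against the old tree.
 * Returns 0 on success, -1 with errno set on failure. */
int enter_chroot(const char *newroot)
{
    if (chroot(newroot) != 0) {
        return -1;            /* errno from chroot(); cwd is unchanged */
    }
    if (chdir("/") != 0) {
        return -1;            /* errno from chdir(); caller must not continue */
    }
    return 0;
}

/* Hypothetical helper: the shape the analysis flags. The log line sits
 * inside the window, i.e. it executes after chroot() succeeded but before
 * the cwd has been moved inside the new root. Harmless here, since it
 * touches no filesystem path, but it is exactly what the checker reports. */
int enter_chroot_logged(const char *newroot)
{
    if (chroot(newroot) != 0) {
        /* Only reached when chroot() failed: a false positive if reported,
         * because no new root is in effect yet. */
        fprintf(stderr, "chroot(%s) failed: %s\n", newroot, strerror(errno));
        return -1;
    }
    /* Genuinely inside the window: chroot() succeeded, chdir("/") not yet done. */
    fprintf(stderr, "chroot(%s) succeeded, changing directory\n", newroot);
    if (chdir("/") != 0) {
        return -1;
    }
    return 0;
}

/* Stand-alone usage; needs CAP_SYS_CHROOT to actually succeed. */
int main(int argc, char **argv)
{
    const char *root = argc > 1 ? argv[1] : "/var/empty";  /* assumed path */
    if (enter_chroot(root) != 0) {
        fprintf(stderr, "enter_chroot(%s): %s\n", root, strerror(errno));
        return 1;
    }
    printf("now inside %s with cwd /\n", root);
    return 0;
}
```

The difference between the two is ordering only: move any logging or assertion reporting to after chdir("/") returns, and the report goes away without changing what the code does.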
Whiteboard: [CID 1428586] → [CID 1428586][sb?]
Whiteboard: [CID 1428586][sb?] → [CID 1428586]
Severity: minor → S4