Open Bug 1433288 Opened 2 years ago Updated 2 years ago

Coverity is concerned about what we're doing between chroot() and chdir("/")

Categories

(Core :: Security: Process Sandboxing, enhancement, P2, minor)

Unspecified
Linux
enhancement

Tracking

()

People

(Reporter: jld, Assigned: jld)

References

(Blocks 1 open bug)

Details

(Whiteboard: [CID 1428586])

Coverity has an analysis that checks for function calls that occur after a chroot() and not after a subsequent chdir("/"), at which times the current working directory is probably outside the root directory and it's possible to use relative paths to access files that can't be accessed with absolute paths and presumably aren't meant to be accessible.

This analysis has raised some issues about the chroot code added in bug 1401062.  One of these is a false positive — the first assertion's call to MOZ_ReportAssertionFailure is conditional on the chroot() failing — but there are other calls that do happen during this window.

None of this is harmful (we're not handling untrusted input, and none of this should use filesystem paths anyway), but it would be possible to rearrange things into the form Coverity expects.
Whiteboard: [CID 1428586] → [CID 1428586][sb?]
Whiteboard: [CID 1428586][sb?] → [CID 1428586]
You need to log in before you can comment on or make changes to this bug.