chdir(/) immediately after chroot

2014-03-05 21:48:17 +00:00 · 2014-03-05 21:48:17 +00:00 · e54f151f05
commit e54f151f05
parent 3dba97de1d
3 changed files with 15 additions and 15 deletions
--- a/dns.c
+++ b/dns.c
@ -89,6 +89,11 @@ dns_init(void)
 		exit(EX_NOUSER);
 	}

+	if (chdir("/") < 0) {
+		syslog(LOG_ERR, "chdir: %m");
+		exit(EX_UNAVAILABLE);
+	}
+
 	if (setusercontext(NULL, pw, pw->pw_uid,
 	    LOGIN_SETALL & ~LOGIN_SETUSER) < 0)
 		exit(EX_NOPERM);
@ -98,11 +103,6 @@ dns_init(void)
 		exit(EX_NOPERM);
 	}

-	if (chdir("/") < 0) {
-		syslog(LOG_ERR, "chdir: %m");
-		exit(EX_UNAVAILABLE);
-	}
-
 	event_init();

 	/* event for the request */
--- a/icbd.c
+++ b/icbd.c
@ -449,16 +449,16 @@ icbd_restrict(void)
 		exit(EX_UNAVAILABLE);
 	}

-	if (setuid(pw->pw_uid) < 0) {
-		syslog(LOG_ERR, "%d: %m", pw->pw_uid);
-		exit(EX_NOPERM);
-	}
-
 	if (chdir("/") < 0) {
 		syslog(LOG_ERR, "/: %m");
 		exit(EX_UNAVAILABLE);
 	}

+	if (setuid(pw->pw_uid) < 0) {
+		syslog(LOG_ERR, "%d: %m", pw->pw_uid);
+		exit(EX_NOPERM);
+	}
+
 	(void)setproctitle("icbd");
 }

--- a/logger.c
+++ b/logger.c
@ -105,16 +105,16 @@ logger_init(void)
 		exit(EX_UNAVAILABLE);
 	}

-	if (setuid(pw->pw_uid) < 0) {
-		syslog(LOG_ERR, "%d: %m", pw->pw_uid);
-		exit(EX_NOPERM);
-	}
-
 	if (chdir("/") < 0) {
 		syslog(LOG_ERR, "chdir: %m");
 		exit(EX_UNAVAILABLE);
 	}

+	if (setuid(pw->pw_uid) < 0) {
+		syslog(LOG_ERR, "%d: %m", pw->pw_uid);
+		exit(EX_NOPERM);
+	}
+
 	event_init();

 	/* event for message processing */