From e54f151f0543bbde1b0648191751b969d32ffae9 Mon Sep 17 00:00:00 2001
From: Stuart Henderson <stu@spacehopper.org>
Date: Wed, 5 Mar 2014 21:48:17 +0000
Subject: [PATCH] chdir(/) immediately after chroot

---
 dns.c    | 10 +++++-----
 icbd.c   | 10 +++++-----
 logger.c | 10 +++++-----
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/dns.c b/dns.c
index 10dde3e..b90a8d7 100644
--- a/dns.c
+++ b/dns.c
@@ -89,6 +89,11 @@ dns_init(void)
 		exit(EX_NOUSER);
 	}
 
+	if (chdir("/") < 0) {
+		syslog(LOG_ERR, "chdir: %m");
+		exit(EX_UNAVAILABLE);
+	}
+
 	if (setusercontext(NULL, pw, pw->pw_uid,
 	    LOGIN_SETALL & ~LOGIN_SETUSER) < 0)
 		exit(EX_NOPERM);
@@ -98,11 +103,6 @@ dns_init(void)
 		exit(EX_NOPERM);
 	}
 
-	if (chdir("/") < 0) {
-		syslog(LOG_ERR, "chdir: %m");
-		exit(EX_UNAVAILABLE);
-	}
-
 	event_init();
 
 	/* event for the request */
diff --git a/icbd.c b/icbd.c
index 26a94dd..07ad3eb 100644
--- a/icbd.c
+++ b/icbd.c
@@ -449,16 +449,16 @@ icbd_restrict(void)
 		exit(EX_UNAVAILABLE);
 	}
 
-	if (setuid(pw->pw_uid) < 0) {
-		syslog(LOG_ERR, "%d: %m", pw->pw_uid);
-		exit(EX_NOPERM);
-	}
-
 	if (chdir("/") < 0) {
 		syslog(LOG_ERR, "/: %m");
 		exit(EX_UNAVAILABLE);
 	}
 
+	if (setuid(pw->pw_uid) < 0) {
+		syslog(LOG_ERR, "%d: %m", pw->pw_uid);
+		exit(EX_NOPERM);
+	}
+
 	(void)setproctitle("icbd");
 }
 
diff --git a/logger.c b/logger.c
index 38da9a3..20154b3 100644
--- a/logger.c
+++ b/logger.c
@@ -105,16 +105,16 @@ logger_init(void)
 		exit(EX_UNAVAILABLE);
 	}
 
-	if (setuid(pw->pw_uid) < 0) {
-		syslog(LOG_ERR, "%d: %m", pw->pw_uid);
-		exit(EX_NOPERM);
-	}
-
 	if (chdir("/") < 0) {
 		syslog(LOG_ERR, "chdir: %m");
 		exit(EX_UNAVAILABLE);
 	}
 
+	if (setuid(pw->pw_uid) < 0) {
+		syslog(LOG_ERR, "%d: %m", pw->pw_uid);
+		exit(EX_NOPERM);
+	}
+
 	event_init();
 
 	/* event for message processing */