From: bluhm <bluhm@openbsd.org>
Date: Fri, 22 Mar 2024 19:14:28 +0000 (+0000)
Subject: Fix chroot(2) call in control process.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=12690b15432155c8cdd2d0cd268bc11c914fd725;p=openbsd

Fix chroot(2) call in control process.

Use /var/empty as chroot directory.  Call chroot(2) before setresuid(2).
Do the error check correctly.  Call chdir(2) after chroot(2).

from spiros thanasoulas; with florian@ tb@; OK millert@
---

diff --git a/usr.sbin/lpd/control.c b/usr.sbin/lpd/control.c
index 1904327a000..fb6e0fac6d4 100644
--- a/usr.sbin/lpd/control.c
+++ b/usr.sbin/lpd/control.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: control.c,v 1.2 2022/12/28 21:30:17 jmc Exp $	*/
+/*	$OpenBSD: control.c,v 1.3 2024/03/22 19:14:28 bluhm Exp $	*/
 
 /*
  * Copyright (c) 2017 Eric Faurot <eric@openbsd.org>
@@ -25,6 +25,7 @@
 #include <errno.h>
 #include <event.h>
 #include <imsg.h>
+#include <paths.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdlib.h>
@@ -71,14 +72,16 @@ control(int debug, int verbose)
 	if ((pw = getpwnam(LPD_USER)) == NULL)
 		fatalx("unknown user " LPD_USER);
 
+	if (chroot(_PATH_VAREMPTY) == -1)
+		fatal("%s: chroot", __func__);
+	if (chdir("/") == -1)
+		fatal("%s: chdir", __func__);
+
 	if (setgroups(1, &pw->pw_gid) ||
 	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
 	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
 		fatal("cannot drop privileges");
 
-	if (chroot(pw->pw_dir) == 1)
-		fatal("%s: chroot", __func__);
-
 	if (pledge("stdio unix recvfd sendfd", NULL) == -1)
 		fatal("%s: pledge", __func__);