perlfunc: Should chdir("/") immed after chroot

Inspired by Coverity perl5 CID 28931: Insecure chroot: (CHROOT)
chroot_call.

The Perl chroot() is a thin wrapper around the system call, so the
chdir("/") should not go there.  But adding a note about the chdir()
being a good idea to perlfunc/chroot.

The committer reworded the inserted text for grammar and readability,
and the commit message to conform to git standards, and is pushing the
commit with the concurrence of the author.

diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod
index 0cc1e9a..d762600 100644 (file)
--- a/pod/perlfunc.pod
+++ b/pod/perlfunc.pod
@@ -1012,6 +1012,9 @@ change your current working directory, which is unaffected.)  For security
 reasons, this call is restricted to the superuser.  If FILENAME is
 omitted, does a C<chroot> to C<$_>.
 
+B<NOTE:>  It is good security practice to do C<chdir("/")> (to the root
+directory) immediately after a C<chroot()>.
+
 Portability issues: L<perlport/chroot>.
 
 =item close FILEHANDLE