From: Jarkko Hietaniemi <jhi@iki.fi>
Date: Thu, 24 Apr 2014 22:16:30 +0000 (-0400)
Subject: perlfunc: Should chdir("/") immed after chroot
X-Git-Tag: v5.20.0~12
X-Git-Url: https://perl5.git.perl.org/perl5.git/commitdiff_plain/b00d10dc3d9b54e2ef58f2627b02bfe99daeae47

perlfunc: Should chdir("/") immed after chroot

Inspired by Coverity perl5 CID 28931: Insecure chroot: (CHROOT)
chroot_call.

The Perl chroot() is a thin wrapper around the system call, so the
chdir("/") should not go there.  But adding a note about the chdir()
being a good idea to perlfunc/chroot.

The committer reworded the inserted text for grammar and readability,
and the commit message to conform to git standards, and is pushing the
commit with the concurrence of the author.
---

diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod
index 0cc1e9a..d762600 100644
--- a/pod/perlfunc.pod
+++ b/pod/perlfunc.pod
@@ -1012,6 +1012,9 @@ change your current working directory, which is unaffected.)  For security
 reasons, this call is restricted to the superuser.  If FILENAME is
 omitted, does a C<chroot> to C<$_>.
 
+B<NOTE:>  It is good security practice to do C<chdir("/")> (to the root
+directory) immediately after a C<chroot()>.
+
 Portability issues: L<perlport/chroot>.
 
 =item close FILEHANDLE