On Fri, Mar 22, 2024 at 06:18:18PM +0100, Alexander Bluhm wrote:
> On Fri, Mar 22, 2024 at 05:58:16PM +0100, Florian Obser wrote:
> > this seems reasonable.
> > OK florian or I can commit it if someone wants to OK it...
> 
> It calls chroot() after setresuid().  How can that work?
> frontend() does it in correct order.

It "works" because the return value check is wrong: == 1 vs == -1.
(I missed that before seeing your mail).

> 
> > On 2024-03-22 10:40 -06, spiros thanasoulas <dsp@2f30.org> wrote:
> > > Hey list! 
> > > I had sent this about a month ago and didn't get any
> > > feedback, so giving it a second shot. 
> > > lpd control is missing chdiring after chroot. any comments?
> > > Thanks :)
> > >
> > > On Tue, Feb 13, 2024 at 09:52:47AM -0700, spiros thanasoulas wrote:
> > >> This adds it in the same fashion as it appears in frontend.c
> > >> 
> > >
> > > Index: control.c
> > > ===================================================================
> > > RCS file: /cvs/src/usr.sbin/lpd/control.c,v
> > > retrieving revision 1.2
> > > diff -u -p -u -p -r1.2 control.c
> > > --- control.c   28 Dec 2022 21:30:17 -0000      1.2
> > > +++ control.c   13 Feb 2024 16:47:43 -0000
> > > @@ -78,6 +78,8 @@ control(int debug, int verbose)
> > >
> > >         if (chroot(pw->pw_dir) == 1)
> > >                 fatal("%s: chroot", __func__);
> > > +        if (chdir("/") == -1)
> > > +                fatal("%s: chdir", __func__);
> > >
> > >         if (pledge("stdio unix recvfd sendfd", NULL) == -1)
> > >                 fatal("%s: pledge", __func__);
> > >
> > 
> > -- 
> > In my defence, I have been left unsupervised.
>