Bug 1422542 - Missing chdir call after chroot
Summary: Missing chdir call after chroot
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: rsyslog
Version: 26
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Jiří Vymazal
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2017-02-15 13:59 UTC by Jiří Vymazal
Modified: 2017-03-14 02:21 UTC (History)

Fixed In Version: rsyslog-8.25.0-2.fc24 rsyslog-8.25.0-2.fc25
Clone Of:
Environment:
Last Closed: 2017-03-13 23:50:30 UTC
Type: Bug
Embargoed:


Attachments
proposed patch (432 bytes, patch)
2017-02-15 15:34 UTC, Jiří Vymazal
proposed patch (431 bytes, patch)
2017-02-20 12:56 UTC, Jiří Vymazal


Links
System ID Private Priority Status Summary Last Updated
Github rsyslog rsyslog issues 1419 0 None None None 2017-02-15 15:35:39 UTC

Description Jiří Vymazal 2017-02-15 13:59:14 UTC
Description of problem:
Rsyslog has an option (the -T command-line option) to perform a chroot call immediately after starting. However, it does not perform any chdir call before or after it. This violates the security policy imposed by rpmlint to prevent processes from easily escaping a chroot jail.


Steps to Reproduce:
1. run rpmlint on any rsyslog RPM

Actual results:
rsyslog.x86_64: E: missing-call-to-chdir-with-chroot /usr/sbin/rsyslogd

Expected results:
no errors reported

Additional info:

Comment 1 Jiří Vymazal 2017-02-15 15:34:49 UTC
Created attachment 1250635 [details]
proposed patch

Comment 2 Jiří Vymazal 2017-02-15 15:35:40 UTC
Added patch and corresponding upstream issue.

Comment 3 Jiří Vymazal 2017-02-17 09:16:51 UTC
Patch pushed to rawhide in rsyslog 8.24.0-5.

Comment 4 Jiří Vymazal 2017-02-20 12:56:30 UTC
Created attachment 1255677 [details]
proposed patch

Comment 5 Jiří Vymazal 2017-02-20 12:57:33 UTC
Corrected typo in patch, also fixed in rawhide in rsyslog 8.24.0-6.

Comment 6 Fedora End Of Life 2017-02-28 11:18:21 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle.
Changing version to '26'.

Comment 7 Fedora Update System 2017-03-02 13:21:56 UTC
rsyslog-8.25.0-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2d16edab7

Comment 8 Fedora Update System 2017-03-02 13:22:39 UTC
rsyslog-8.25.0-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-92e2b77ddc

Comment 9 Fedora Update System 2017-03-03 04:53:33 UTC
rsyslog-8.25.0-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-d2d16edab7

Comment 10 Fedora Update System 2017-03-03 05:24:11 UTC
rsyslog-8.25.0-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-92e2b77ddc

Comment 11 Fedora Update System 2017-03-13 23:50:30 UTC
rsyslog-8.25.0-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2017-03-13 23:54:42 UTC
rsyslog-8.25.0-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2017-03-14 02:21:02 UTC
rsyslog-8.25.0-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
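
The chroot-then-chdir sequence that the rpmlint check in this bug looks for, shown as an added C example. It is not rsyslog's code or the attached patch; the names enter_jail and cwd_is_reachable are hypothetical, and the getcwd() behaviour relied on is Linux-specific.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose chroot() in glibc headers */
#endif
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 when the working directory resolves to an absolute path under
 * the current root. On Linux, a cwd left outside the root makes getcwd()
 * fail or return a path that does not start with '/'. */
int cwd_is_reachable(void) {
    char buf[4096];
    if (getcwd(buf, sizeof buf) == NULL)
        return 0;
    return buf[0] == '/';
}

/* Hypothetical helper: confine the process to jail_dir.
 * chroot() alone does not move the working directory, so chdir("/") must
 * follow it; otherwise relative paths still resolve outside the new root. */
int enter_jail(const char *jail_dir) {
    if (jail_dir == NULL || jail_dir[0] != '/') {
        errno = EINVAL;            /* require an absolute jail path */
        return -1;
    }
    if (chroot(jail_dir) != 0)     /* needs CAP_SYS_CHROOT */
        return -1;
    if (chdir("/") != 0)           /* the call rpmlint reports as missing */
        return -1;
    if (!cwd_is_reachable()) {     /* fail closed if cwd is still outside */
        errno = ENOTDIR;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s /absolute/jail/dir\n", argv[0]);
        return 2;
    }
    if (enter_jail(argv[1]) != 0) {
        perror("enter_jail");
        return 1;
    }
    puts("confined; working directory is / inside the jail");
    return 0;
}
```

A daemon would call enter_jail() before dropping privileges, since chroot() requires CAP_SYS_CHROOT.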

