Hide Forgot
Description of problem: The capsh program has a --chroot commandline option. Inspecting the code shows that it does not do a chdir("/") after calling chroot. This means that '.' is outside the chroot. Additional info: http://cwe.mitre.org/data/definitions/243.html
Created attachment 513490 [details] Patch fixing bug The attached patch will be sent upstream.
Upstream said they included the fix in 2.22. Its now public: http://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/libcap-2.22.tar.gz So, I would say we should push fixes out in Fedora at least.
This issue does not affect the version of libcap as shipped with Red Hat Enterprise Linux 4 and 5.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:1694 https://rhn.redhat.com/errata/RHSA-2011-1694.html