Red Hat Bugzilla – Bug 722694
CVE-2011-4099 capsh: does not chdir after chroot
Last modified: 2015-08-19 05:11:31 EDT
Description of problem:
The capsh program has a --chroot command-line option. Inspecting the code shows that it does not do a chdir("/") after calling chroot. This means that '.' is outside the chroot.
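The pattern the report asks for, as an added example (this is not the attached patch and not capsh's own code): a chroot followed immediately by chdir("/"), plus a check that the working directory is reachable from the current root. The function names `enter_chroot` and `cwd_is_reachable` are hypothetical, and the check assumes Linux, where getcwd() either fails or returns a path not starting with '/' when '.' lies outside the root.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes chroot() in <unistd.h> on glibc */
#endif
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: change root and move the working directory inside it.
 * Returns 0 on success, -1 on failure with errno set by the failing call. */
int enter_chroot(const char *new_root)
{
    if (chroot(new_root) != 0)
        return -1;
    /* chroot() does not change the working directory. Without this call,
     * "." still names a directory in the old tree, so relative paths
     * resolve outside new_root. */
    if (chdir("/") != 0)
        return -1;
    return 0;
}

/* Hypothetical check: 1 if the working directory is reachable from the
 * current root, 0 otherwise. Assumes Linux getcwd() behaviour: an
 * unreachable cwd yields an error or a path that does not begin with '/'. */
int cwd_is_reachable(void)
{
    char buf[4096];

    if (getcwd(buf, sizeof(buf)) == NULL)
        return 0;
    return buf[0] == '/';
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s NEWROOT\n", argv[0]);
        return 2;
    }
    if (enter_chroot(argv[1]) != 0) {   /* needs CAP_SYS_CHROOT */
        perror("enter_chroot");
        return 1;
    }
    printf("cwd reachable from new root: %s\n",
           cwd_is_reachable() ? "yes" : "no");
    return 0;
}
```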
Created attachment 513490
Patch fixing bug
The attached patch will be sent upstream.
Upstream said they included the fix in 2.22. It's now public:
So, I would say we should push fixes out in Fedora at least.
This issue does not affect the version of libcap as shipped with Red Hat Enterprise Linux 4 and 5.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2011:1694 https://rhn.redhat.com/errata/RHSA-2011-1694.html