bug-coreutils

bug#18062: [PATCH] chroot: always change to / if not changing credential


From: Bernhard Voelker
Subject: bug#18062: [PATCH] chroot: always change to / if not changing credentials
Date: Thu, 31 Jul 2014 09:19:56 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 07/27/2014 10:32 PM, Pádraig Brady wrote:
> Drats. This change was initially discussed at:
> http://lists.gnu.org/archive/html/coreutils/2014-05/msg00033.html
> There I noted that we'd want to keep doing the chdir("/") for older
> scripts that might assume the working dir = /.
> I.E. when not invoking with --user we'd do the chdir("/"),
> but then went ahead and fluffed the implementation.

At that point I wasn't that clear about the separation of the 3 tasks
in chroot(1): a) chroot(2), b) chdir(2), and c) finding/setting uid/gid
inside and outside the jail.  At least a) and b) obviously got a bit
mixed up during the discussion.

> Now on consideration it's probably best to not even key this change
> on the --user option, and have a separate --chdir option?

As such a patch has been out for more than a week now:
http://lists.gnu.org/archive/html/bug-coreutils/2014-07/msg00083.html
would anyone comment on it?

Well, I took the way to add an internal "---skip-chdir" option,
but we can turn it into a publicly-visible "--skip-chdir" easily
if desired - although I don't see how such a probably-shoot-yourself-
in-the-foot option would help in real-world scripts. I think it'd
be clearer in such scripts to explicitly "cd" into the previous
directory.

Another idea was to re-introduce a 'setuidgid' tool built from
chroot.c without the chdir("/"), but that seemed even more awkward
than the ---skip-chdir solution.

Thanks & have a nice day,
Berny





