[patch] Avoid superfluous chroot() calls

[Pim van Riezen <pi madscience nl>]

Good Day,

Quite recently I switched the kernel on most of my production machines to
the 2.4 tree combined with the grsecurity patch sets
(http://www.grsecurity.net), in particular to activate stricter
restrictions on the chroot() system call. When this patch is activated, a
number of capabilities (including certain file system actions like
(f)chmod +s) are dropped after a chroot. This offers a great deal of
enhanced security when dealing with sub-systems that are to be kept in a
chroot-jail, ensuring that even if root privileges are somehow gained in
this subsystem, the attacker cannot break out of the chroot.

Unfortunately, having this patch active broke the ability to upgrade rpm
packages that contain files or directories with special permissions. An
strace on the install process showed that, even when installing packages
to the root filesystem, RPM performs a chroot() operation. On normal
kernels this has absolutely no effect, but on the grsec kernels this
activates the afforementioned privilege restrictions.

This patch adds a check on the root path during the install process and
skips the chroot() calls if it turns out to be "/". It's a small change
that doesn't affect operation under normal kernels.

Kind Regards,
Pim van Riezen
Cybercomm / Scarlet Telecom


--- BEGIN patch
*** rpm-4.0.2/lib/install.c~    Tue Jan 16 00:10:04 2001
--- rpm-4.0.2/lib/install.c     Sun Dec 16 18:16:16 2001
***************
*** 1045,1051 ****
        endpwent();

        chdir("/");
!       /*@-unrecog@*/ chroot(ts->rootDir); /*@=unrecog@*/
        ts->chrootDone = 1;
      }

--- 1045,1051 ----
        endpwent();

        chdir("/");
!       /*@-unrecog@*/ if (strlen(ts->rootDir)>1) chroot(ts->rootDir); /*@=unrecog@*/
        ts->chrootDone = 1;
      }

***************
*** 1159,1165 ****
      }

      if (ts->rootDir) {
!       /*@-unrecog@*/ chroot("."); /*@=unrecog@*/
        ts->chrootDone = 0;
        chdir(ts->currDir);
      }
--- 1159,1165 ----
      }

      if (ts->rootDir) {
!       /*@-unrecog@*/ if (strlen (ts->rootDir) >1) chroot("."); /*@=unrecog@*/
        ts->chrootDone = 0;
        chdir(ts->currDir);
      }
***************
*** 1228,1234 ****

  exit:
      if (ts->chrootDone) {
!       /*@-unrecog@*/ chroot("."); /*@=unrecog@*/
        chdir(ts->currDir);
        ts->chrootDone = 0;
      }
--- 1228,1234 ----

  exit:
      if (ts->chrootDone) {
!       /*@-unrecog@*/ if (strlen (ts->rootDir) > 1) chroot("."); /*@=unrecog@*/
        chdir(ts->currDir);
        ts->chrootDone = 0;
      }
*** rpm-4.0.2/lib/transaction.c.orig    Sun Dec 16 18:36:30 2001
--- rpm-4.0.2/lib/transaction.c Sun Dec 16 18:37:08 2001
***************
*** 1620,1626 ****
      rpmdbOpenAll(ts->rpmdb);

      chdir("/");
!     /*@-unrecog@*/ chroot(ts->rootDir); /*@=unrecog@*/
      ts->chrootDone = 1;

      ht = htCreate(totalFileCount * 2, 0, 0, fpHashFunction, fpEqual);
--- 1620,1626 ----
      rpmdbOpenAll(ts->rpmdb);

      chdir("/");
!     /*@-unrecog@*/ if(strlen(ts->rootDir)>1) chroot(ts->rootDir); /*@=unrecog@*/
      ts->chrootDone = 1;

      ht = htCreate(totalFileCount * 2, 0, 0, fpHashFunction, fpEqual);
***************
*** 1775,1781 ****
      NOTIFY(ts, (NULL, RPMCALLBACK_TRANS_STOP, 6, flEntries,
        NULL, ts->notifyData));

!     chroot(".");
      ts->chrootDone = 0;
      chdir(ts->currDir);

--- 1775,1781 ----
      NOTIFY(ts, (NULL, RPMCALLBACK_TRANS_STOP, 6, flEntries,
        NULL, ts->notifyData));

!     if (strlen(ts->rootDir)>1) chroot(".");
      ts->chrootDone = 0;
      chdir(ts->currDir);

--- END patch


-- 
2) Page yourself over the intercom. Don't disguise your voice.
5) Put your garbage can on your desk and label it "IN."
9) Finish all your sentences with "In accordance with the prophecy."
18) Have your co-workers address you by your wrestling name, Rock Hard.