From e90f449ab3f44a2a3123d7ee6258b4fc1e3d910f Mon Sep 17 00:00:00 2001
From: Toni Uhlig <matzeton@googlemail.com>
Date: Wed, 27 Feb 2019 13:16:05 +0100
Subject: more secure chroot: chdir(chroot_path), chroot("."), chdir("/")

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
---
 src/ptunnel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/ptunnel.c b/src/ptunnel.c
index fad0944..b92f76c 100644
--- a/src/ptunnel.c
+++ b/src/ptunnel.c
@@ -178,7 +178,7 @@ int main(int argc, char *argv[]) {
 	}
 	if (opts.chroot) {
 		pt_log(kLog_info, "Restricting file access to %s\n", opts.root_dir);
-		if (-1 == chdir(opts.root_dir) || -1 == chroot(opts.root_dir)) {
+		if (-1 == chdir(opts.root_dir) || -1 == chroot(".") || -1 == chdir("/")) {
 			pt_log(kLog_error, "chdir/chroot `%s': %s\n", opts.root_dir, strerror(errno));
 			exit(1);
 		}
-- 
cgit v1.2.3