CWE

Creation of chroot Jail Without Changing Working Directory

ID: 243		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Variant

Description

The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.

Extended Description

Improper use of chroot() may allow attackers to escape from the chroot jail. The chroot() function call does not change the process's current working directory, so relative paths may still refer to file system resources outside of the chroot jail after chroot() has been called.

Likelihood of Exploit: High

Applicable Platforms
Language: C
Language: C++
Operating System Class: UNIX

Time Of Introduction

• Implementation

Common Consequences

Scope	Technical Impact	Notes
Confidentiality	Read files or directories

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-243 ChildOf CWE-893	Category	CWE-888

Demonstrative Examples   (Details)

1. Consider the following source code from a (hypothetical) FTP server:

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
7 Pernicious Kingdoms		Directory Restriction

References:
None