CWE - CWE-243: Creation of chroot Jail Without Changing Working Directory (2.1)

Home > CWE List > CWE- Individual Dictionary Definition (2.1)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS
CWRAF
T-Shirt

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Coverage Claims Representation
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-243: Creation of chroot Jail Without Changing Working Directory

Creation of chroot Jail Without Changing Working Directory

Weakness ID: 243 (Weakness Variant)

Status: Draft

Description

Description Summary

The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.

Extended Description

Improper use of chroot() may allow attackers to escape from the chroot jail. The chroot() function call does not change the process's current working directory, so relative paths may still refer to file system resources outside of the chroot jail after chroot() has been called.

Time of Introduction

Implementation

Applicable Platforms

Languages

C++

Operating Systems

UNIX

Common Consequences

Scope	Effect
Confidentiality	Technical Impact: Read files or directories

Likelihood of Exploit

High

Demonstrative Examples

Example 1

Consider the following source code from a (hypothetical) FTP server:

(Bad Code)

Example Language: C

chroot("/var/ftproot");

...

fgets(filename, sizeof(filename), network);

localfile = fopen(filename, "r");

while ((len = fread(buf, 1, sizeof(buf), localfile)) != EOF) {

fwrite(buf, 1, sizeof(buf), network);

}

fclose(localfile);

This code is responsible for reading a filename from the network, opening the corresponding file on the local machine, and sending the contents over the network. This code could be used to implement the FTP GET command. The FTP server calls chroot() in its initialization routines in an attempt to prevent access to files outside of /var/ftproot. But because the server does not change the current working directory by calling chdir("/"), an attacker could request the file "../../../../../etc/passwd" and obtain a copy of the system password file.

Background Details

The chroot() system call allows a process to change its perception of the root directory of the file system. After properly invoking chroot(), a process cannot access any files outside the directory tree defined by the new root directory. Such an environment is called a chroot jail and is commonly used to prevent the possibility that a processes could be subverted and used to access unauthorized files. For instance, many FTP servers run in chroot jails to prevent an attacker who discovers a new vulnerability in the server from being able to download the password file or other sensitive files on the system.

Weakness Ordinalities

Ordinality	Description
Resultant	(where the weakness is typically related to the presence of some other weaknesses)

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Class	227	Improper Fulfillment of API Contract ('API Abuse')	Development Concepts (primary)699 Seven Pernicious Kingdoms (primary)700
ChildOf	Weakness Class	573	Improper Following of Specification by Caller	Research Concepts1000
ChildOf	Category	632	Weaknesses that Affect Files or Directories	Resource-specific Weaknesses (primary)631
ChildOf	Weakness Class	669	Incorrect Resource Transfer Between Spheres	Research Concepts (primary)1000

Affected Resources

File/Directory

Causal Nature

Explicit

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
7 Pernicious Kingdoms			Directory Restriction

Content History

Submissions
Submission Date	Submitter	Organization	Source
	7 Pernicious Kingdoms		Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Applicable_Platforms, Background_Details, Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
2008-10-14	CWE Content Team	MITRE	Internal
2008-10-14	updated Description
2009-03-10	CWE Content Team	MITRE	Internal
2009-03-10	updated Demonstrative_Examples
2009-05-27	CWE Content Team	MITRE	Internal
2009-05-27	updated Demonstrative_Examples
2010-12-13	CWE Content Team	MITRE	Internal
2010-12-13	updated Demonstrative_Examples, Name
2011-06-01	CWE Content Team	MITRE	Internal
2011-06-01	updated Common_Consequences
Previous Entry Names
Change Date	Previous Entry Name
2008-01-30	Directory Restriction

2010-12-13	Failure to Change Working Directory in chroot Jail

Page Last Updated: September 12, 2011


	CWE is a Software Assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2012, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us