CWE - CWE-243: Failure to Change Working Directory in chroot Jail (1.6)

Home > CWE List > CWE- Individual Dictionary Definition (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-243: Failure to Change Working Directory in chroot Jail

Failure to Change Working Directory in chroot Jail

Weakness ID: 243 (Weakness Variant)

Status: Draft

Description

Description Summary

The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.

Extended Description

Improper use of chroot() may allow attackers to escape from the chroot jail. The chroot() function call does not change the process's current working directory, so relative paths may still refer to file system resources outside of the chroot jail after chroot() has been called.

Time of Introduction

Implementation

Applicable Platforms

Languages

C++

Operating Systems

UNIX

Likelihood of Exploit

High

Demonstrative Examples

Example 1

Consider the following source code from a (hypothetical) FTP server:

(Bad Code)

chroot("/var/ftproot");

...

fgets(filename, sizeof(filename), network);

localfile = fopen(filename, "r");

while ((len = fread(buf, 1, sizeof(buf), localfile)) != EOF) {

fwrite(buf, 1, sizeof(buf), network);

}

fclose(localfile);

This code is responsible for reading a filename from the network, opening the corresponding file on the local machine, and sending the contents over the network. This code could be used to implement the FTP GET command. The FTP server calls chroot() in its initialization routines in an attempt to prevent access to files outside of /var/ftproot. But because the server fails to change the current working directory by calling chdir("/"), an attacker could request the file "../../../../../etc/passwd" and obtain a copy of the system password file.

Background Details

The chroot() system call allows a process to change its perception of the root directory of the file system. After properly invoking chroot(), a process cannot access any files outside the directory tree defined by the new root directory. Such an environment is called a chroot jail and is commonly used to prevent the possibility that a processes could be subverted and used to access unauthorized files. For instance, many FTP servers run in chroot jails to prevent an attacker who discovers a new vulnerability in the server from being able to download the password file or other sensitive files on the system.

Weakness Ordinalities

Ordinality	Description
Resultant	(where the weakness is typically related to the presence of some other weaknesses)

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Class	227	Failure to Fulfill API Contract ('API Abuse')	Development Concepts (primary)699 Seven Pernicious Kingdoms (primary)700
ChildOf	Weakness Class	573	Failure to Follow Specification	Research Concepts1000
ChildOf	Category	632	Weaknesses that Affect Files or Directories	Resource-specific Weaknesses (primary)631
ChildOf	Weakness Class	669	Incorrect Resource Transfer Between Spheres	Research Concepts (primary)1000

Affected Resources

File/Directory

Causal Nature

Explicit

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
7 Pernicious Kingdoms			Directory Restriction

Content History

Submissions
Submission Date	Submitter	Organization	Source
	7 Pernicious Kingdoms		Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Applicable Platforms, Background Details, Description, Relationships, Taxonomy Mappings, Weakness Ordinalities
2008-10-14	CWE Content Team	MITRE	Internal
2008-10-14	updated Description
2009-03-10	CWE Content Team	MITRE	Internal
2009-03-10	updated Demonstrative Examples
2009-05-27	CWE Content Team	MITRE	Internal
2009-05-27	updated Demonstrative Examples

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us