gitlab.flawfinder.chroot-1

Make sure the program immediately chdir("/"), closes file descriptors, and drops root privileges, and that all necessary files (and no more!) are in the new root.

Definition

rules:
  - id: flawfinder.chroot-1
    languages:
      - c
    message: >
      Make sure the program immediately chdir("/"), closes file descriptors, and
      drops root privileges, and that all necessary files (and no more!) are in
      the new root.
    metadata:
      cwe: "CWE-22: chroot can be very helpful, but is hard to use correctly (CWE-250,
        CWE-22)"
      primary_identifier: flawfinder.chroot-1
      secondary_identifiers:
        - name: Flawfinder - chroot
          type: flawfinder_func_name
          value: chroot
      license: MIT
    pattern: chroot(...)
    severity: WARNING
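
The sequence the rule message asks for, as an added example (not part of the rule or of Flawfinder). The function name `enter_jail`, the step codes it returns, and the uid/gid 65534 used in `main` are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter `jail` and permanently become uid/gid (hypothetical helper).
 * Returns 0 on success, or a negative code naming the step that failed. */
int enter_jail(const char *jail, uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)    return -1; /* "dropping" to root is no drop */
    if (chdir(jail) != 0)        return -2; /* be inside the tree first */
    if (chroot(".") != 0)        return -3; /* needs root or CAP_SYS_CHROOT */
    if (chdir("/") != 0)         return -4; /* cwd must not point outside */

    /* Close every inherited descriptor except stdio: a directory fd opened
     * outside the new root would let fchdir() walk back out of it. */
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0)
        maxfd = 1024;
    for (long fd = 3; fd < maxfd; fd++)
        close((int)fd);

    /* Drop privileges in this order: supplementary groups, gid, then uid.
     * After setuid() the process can no longer change its groups. */
    if (setgroups(0, NULL) != 0) return -5;
    if (setgid(gid) != 0)        return -6;
    if (setuid(uid) != 0)        return -7;

    /* Confirm the drop is permanent: regaining uid 0 must fail. */
    if (setuid(0) == 0)          return -8;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <jail-dir>\n", argv[0]);
        return 2;
    }
    int rc = enter_jail(argv[1], 65534, 65534); /* assumed unprivileged ids */
    if (rc != 0) {
        fprintf(stderr, "enter_jail failed with code %d\n", rc);
        return 1;
    }
    puts("confined");
    return 0;
}
```

Every return value is checked because a silently failed `chroot()` or `setuid()` leaves the process running unconfined as root.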