Bug#595366: portmap: Chroot(2) option brings no additional security due to implementation bug

2010-09-03 Thread Rafał Kupka
Hello,

I was wrong with openat() syscall, portmap daemon holds no open directories outside chroot dir. But access to files outside /var/empty is much easier -- use regular open(2) and relative pathnames.

Proof:
# lsof -n -p 7892
COMMAND PID USER FD TYPE DEVICESIZENODE NAME port

Bug#595366: portmap: Chroot(2) option brings no additional security due to implementation bug

2010-09-03 Thread Rafal Kupka
Package: portmap
Version: 6.0-9
Severity: normal

Running portmap in chrooted directory is implemented wrongly. Daemon has to chdir(2) after chroot(2) to prevent accessing files outside chroot directory.

Running portmap with option -t /var/empty gives following lsof results:
# lsof -n -p 7892
COMM
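
The fix the report asks for, chdir(2) after chroot(2), together with a check for daemons that skipped it, as an added example that is not part of the original messages or of portmap's source. The function names are hypothetical; the check assumes Linux /proc, an observer that is not itself chrooted, and permission to read the target's /proc links.

```c
#define _DEFAULT_SOURCE           /* exposes chroot(2) and readlink(2) in glibc */
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if `path` is `root` itself or lies beneath it, compared per path component. */
int path_within(const char *root, const char *path)
{
    size_t n = strlen(root);
    if (n == 1 && root[0] == '/')
        return path[0] == '/';
    if (strncmp(root, path, n) != 0)
        return 0;
    return path[n] == '\0' || path[n] == '/';
}

/* Hardened sequence from the report: chroot(2), then chdir(2) into the new root. */
int enter_jail(const char *dir)
{
    if (chroot(dir) != 0)
        return -1;
    return chdir("/");            /* without this the old cwd stays reachable */
}

/* Audit a running daemon via Linux /proc: 1 = cwd outside root, 0 = ok, -1 = error. */
int cwd_escapes_root(pid_t pid)
{
    char link[64], root[PATH_MAX], cwd[PATH_MAX];
    ssize_t r, c;
    snprintf(link, sizeof link, "/proc/%ld/root", (long)pid);
    r = readlink(link, root, sizeof root - 1);
    snprintf(link, sizeof link, "/proc/%ld/cwd", (long)pid);
    c = readlink(link, cwd, sizeof cwd - 1);
    if (r < 0 || c < 0)
        return -1;
    root[r] = '\0';
    cwd[c] = '\0';
    return !path_within(root, cwd);
}

int main(void)
{
    /* Constructed sample: root is /var/empty but cwd was left at "/". */
    printf("sample escapes: %d\n", !path_within("/var/empty", "/"));
    printf("self: %d\n", cwd_escapes_root(getpid()));
    return 0;
}
```
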