'chroot', 'chdir("..")', and IMFS crash.

Joel Sherrill joel.sherrill at OARcorp.com
Thu Feb 1 21:49:52 UTC 2001



Sergei Organov wrote:
> 
> The following sequence of calls results in an IMFS crash in `IMFS_eval_path'
> (apparently due to NULL pointer dereference):
> 
>   char buf[SIZE];
>   rtems_libio_set_private_env();
>   chroot("/dev");
>   chdir("/");
>   chdir("..");          // Note attempt to chdir behind allowed tree
>   getcwd(buf, SIZE);
> 
> Without either `chdir("..")' or `chroot("/dev")' everything works just fine.
> 
> This is the latest ss-20010126 snapshot.

I just couldn't let this stay unanswered on the list.  :)

We have had numerous private emails floating around about this crash.
It is a side-effect of the new chroot() function and appears to
be fairly easy to fix.  

The short explanation is that chroot() currently changes the variable
that is used to point to the top level root node in the IMFS.  But
chroot() is not supposed to change the current working directory, so it
is possible to be outside the virtual space at the "new root".  That
is what confuses the IMFS and causes the above crash.

> Sergei.

-- 
Joel Sherrill, Ph.D.             Director of Research & Development
joel at OARcorp.com                 On-Line Applications Research
Ask me about RTEMS: a free RTOS  Huntsville AL 35805
Support Available                (256) 722-9985
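
Added example, not part of the original message and not RTEMS or IMFS code: a toy parent-pointer tree showing the two checks the explanation above points at, a ".." step clamped at the environment's root and a getcwd-style walk that returns an error when the working directory lies outside that root. All names (node_t, env_t, toy_*) and the sample tree are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Toy in-memory tree, not RTEMS/IMFS code; every name here is hypothetical. */
typedef struct node { const char *name; struct node *parent; } node_t;
typedef struct { node_t *root, *cwd; } env_t;
/* Constructed sample tree: "/" -> "dev" -> "tty". */
node_t fs_root = { "", NULL }, fs_dev = { "dev", &fs_root },
       fs_tty = { "tty", &fs_dev };

/* As described above: only the root pointer moves, cwd is left alone. */
static void toy_chroot(env_t *e, node_t *new_root) { e->root = new_root; }

/* ".." is clamped at the environment's root and never follows a NULL parent. */
static node_t *toy_dotdot(const env_t *e, node_t *n) {
    return (n == e->root || n->parent == NULL) ? n : n->parent;
}

/* 1 if n is e->root or below it; the upward walk ends at a NULL parent. */
static int toy_inside_root(const env_t *e, const node_t *n) {
    for (; n != NULL; n = n->parent)
        if (n == e->root) return 1;
    return 0;
}

/* getcwd-like: path relative to e->root, or -1 if cwd is outside the root. */
static int toy_getcwd(const env_t *e, char *buf, size_t size) {
    size_t pos = size;                      /* build from the end of buf */
    if (size < 2 || !toy_inside_root(e, e->cwd)) return -1;
    buf[--pos] = '\0';
    for (const node_t *n = e->cwd; n != e->root; n = n->parent) {
        size_t len = strlen(n->name);
        if (pos < len + 1) return -1;       /* buffer too small */
        pos -= len;
        memcpy(buf + pos, n->name, len);
        buf[--pos] = '/';
    }
    if (buf[pos] == '\0') buf[--pos] = '/'; /* cwd is the root itself */
    memmove(buf, buf + pos, size - pos);
    return 0;
}

int main(void) {
    char buf[32];
    env_t e = { &fs_root, &fs_root };
    toy_chroot(&e, &fs_dev);                /* cwd is now outside the new root */
    int outside = toy_getcwd(&e, buf, sizeof buf);
    e.cwd = toy_dotdot(&e, e.root);         /* chdir("/") then chdir("..") */
    printf("%d %d %s\n", outside, toy_getcwd(&e, buf, sizeof buf), buf);
}
```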


