CWE-243: Creation of chroot Jail Without Changing Working Directory

ID CWE-243
Abstraction Variant
Structure Simple
Status Draft
The product uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.

Improper use of chroot() may allow attackers to escape from the chroot jail. The chroot() function call does not change the process's current working directory, so relative paths may still refer to file system resources outside of the chroot jail after chroot() has been called.
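
The following C sketch is an added example, not part of the CWE entry: it pairs chroot() with an immediate chdir("/") and then checks that the working directory resolves beneath the new root. The names enter_jail and cwd_is_reachable and the default jail path /var/empty are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes chroot() in glibc's <unistd.h> */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: confine the process to jail_dir.
 * Returns 0 on success, -1 on failure (errno is set by the failing call). */
int enter_jail(const char *jail_dir)
{
    if (chroot(jail_dir) != 0)
        return -1;
    /* The step CWE-243 is about: chroot() left the working directory where
     * it was, so move it inside the new root before resolving any path. */
    if (chdir("/") != 0)
        return -1;
    return 0;
}

/* Hypothetical check: returns 1 if the working directory resolves beneath
 * the current root, 0 otherwise. On Linux a directory outside the root makes
 * getcwd() fail or return a path prefixed with "(unreachable)". */
int cwd_is_reachable(void)
{
    char *cwd = getcwd(NULL, 0);   /* common extension: buffer is malloc'd */
    int ok = (cwd != NULL && cwd[0] == '/');
    free(cwd);
    return ok;
}

int main(int argc, char **argv)
{
    const char *jail = (argc > 1) ? argv[1] : "/var/empty"; /* assumed path */
    if (enter_jail(jail) != 0) {
        perror("enter_jail");
        return EXIT_FAILURE;       /* fail closed: never continue unjailed */
    }
    if (!cwd_is_reachable()) {
        fputs("working directory is outside the jail\n", stderr);
        return EXIT_FAILURE;
    }
    puts("jailed; relative paths now resolve inside the new root");
    return EXIT_SUCCESS;
}
```

Calling chroot() requires the appropriate privilege, so the program reports an error and exits when run without it.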

Modes of Introduction

Phase Note
Implementation REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Applicable Platforms

Type Class Name Prevalence
Language C
Language C++
Operating_system Unix

Relationships

View: CWE-1000 Research Concepts (Status: Draft)
Weakness: CWE-573 Improper Following of Specification by Caller (Abstraction: Class, Structure: Simple, Status: Draft)

View: CWE-1000 Research Concepts (Status: Draft)
Weakness: CWE-669 Incorrect Resource Transfer Between Spheres (Abstraction: Class, Structure: Simple, Status: Draft)