1. Home
  2. CWE Database
  3. CWE-243
Variant · Low-Medium

CWE-243: Creation of chroot Jail Without Changing Working Directory

The product uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.

CWE-243 · Variant Level

Description

The product uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.

Improper use of chroot() may allow attackers to escape from the chroot jail. The chroot() function call does not change the process's current working directory, so relative paths may still refer to file system resources outside of the chroot jail after chroot() has been called.

Potential Impact

Confidentiality

Read Files or Directories

Demonstrative Examples

Consider the following source code from a (hypothetical) FTP server:
Bad
chroot("/var/ftproot");...fgets(filename, sizeof(filename), network);localfile = fopen(filename, "r");while ((len = fread(buf, 1, sizeof(buf), localfile)) != EOF) {fwrite(buf, 1, sizeof(buf), network);}fclose(localfile);
This code is responsible for reading a filename from the network, opening the corresponding file on the local machine, and sending the contents over the network. This code could be used to implement the FTP GET command. The FTP server calls chroot() in its initialization routines in an attempt to prevent access to files outside of /var/ftproot. But because the server does not change the current working directory by calling chdir("/"), an attacker could request the file "../../../../../etc/passwd" and obtain a copy of the system password file.

Detection Methods

  • Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

CWE-573: Improper Following of Specification by Caller

The product does not follow or incorrectly follows the specifications as required by the implementation language, enviro...

CWE-669: Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior ...

Taxonomy Mappings

  • 7 Pernicious Kingdoms: — Directory Restriction
  • Software Fault Patterns: SFP17 — Failed chroot jail

Frequently Asked Questions

What is CWE-243?

CWE-243 (Creation of chroot Jail Without Changing Working Directory) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.

How can CWE-243 be exploited?

Attackers can exploit CWE-243 (Creation of chroot Jail Without Changing Working Directory) to read files or directories. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-243?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-243?

CWE-243 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.