In one of the newer versions of baselayout (I had sys-apps/baselayout-1.12.4-r6), the default behaviour of start-stop-daemon was changed. It now always does chdir to / if parameter --chdir is not specified. First of all, I found nothing about this new behaviour documented. Neither in the man page nor in the ChangeLog in the tree. Secondly, this causes thttpd (and others?) to display / (yes, the whole root filesystem). That is because thttpd always serves the current directory and therefore the init-script does a cd to the configured directory just before calling start-stop-daemon. As a result of this, it served my whole data for a few days. Besides finding it annoying to find such changes without documentation, I think other users should be warned about this security problem. Additionally, this incident also happened before! It is documented in the ChangeLog of baselayout and in bug #50434. To get back to the technical aspect, I really don't understand why start-stop-daemon should chdir somewhere without having chdir specified. As this option exists, users might think that a chdir is done only with that option. So I suggest again to revert to the old behaviour.
Seems like a potential security issue, reassigning to security.
And now hopefully reassigning....
base-system please advise (and sorry for the spam).
yes, this change is deliberate as that is what the upstream guys (Debian) did: -static const char *changedir = NULL; +static const char *changedir = "/"; this is a bug in thttpd, not in start-stop-daemon
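Review bot: the new default of `changedir` ("/" instead of NULL) changes behaviour for every caller that sets its working directory first and does not pass --chdir, yet nothing at this line or around it documents that. The change should ship with a man page and ChangeLog entry stating that the daemon is started in / unless --chdir is given, and init scripts that depend on the inherited directory should pass --chdir explicitly.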
www-servers please advise.
thttpd fixed, you can probably close this bug if there are no other known affected packages
Thx Daniel. Closing this one as FIXED.
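For checking whether other init scripts depend on the same pattern (a `cd` followed by a `start-stop-daemon` call without `--chdir`), here is a heuristic audit function. It is an added example, not code from this bug or from any Gentoo package; the function name, the sample scripts and their paths are constructed for illustration, and the "fixed" sample is only one possible form of a fix.

```shell
#!/bin/sh
# Flag start-stop-daemon --start calls that follow a `cd` in the same
# function and pass no --chdir/-d of their own. Heuristic, for review triage.
# Prints "file:line: message" per finding; returns 1 if anything was flagged.
audit_initscript() {
    awk '
        # Join backslash-continued lines so one invocation is one record.
        { line = line $0 }
        /\\$/ { sub(/\\$/, " ", line); if (!start) start = FNR; next }
        {
            n = start ? start : FNR
            sub(/#.*/, "", line)                  # drop comments (crude)
            if (line ~ /^}/) seen_cd = 0          # function ended
            if (line ~ /(^|[;&| \t])cd[ \t]+[^ \t;]/) seen_cd = 1
            if (line ~ /start-stop-daemon/ && line ~ /--start/ && seen_cd &&
                line !~ /(--chdir|[ \t]-d)([ \t=]|$)/) {
                printf "%s:%d: cd before start-stop-daemon without --chdir\n", FILENAME, n
                found = 1
            }
            line = ""; start = 0
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed samples modelled on the pattern described in the report.
demo=$(mktemp -d)
cat > "$demo/thttpd-old" <<'EOF'
start() {
    cd /var/www/localhost
    start-stop-daemon --start --exec /usr/sbin/thttpd
}
EOF
cat > "$demo/thttpd-fixed" <<'EOF'
start() {
    start-stop-daemon --start --chdir /var/www/localhost \
        --exec /usr/sbin/thttpd
}
EOF
audit_initscript "$demo/thttpd-old" || true
audit_initscript "$demo/thttpd-fixed" && echo "thttpd-fixed: ok"
```

A finding means the script should be read by hand: the daemon may chdir on its own, in which case the `cd` is harmless.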