Bug 448446

Summary: Update coreutils to address /bin/pwd directory traversal issue
Product: Red Hat Enterprise Linux 5
Reporter: Ben Thomas <ben>
Component: coreutils
Assignee: Ondrej Vasik <ovasik>
Status: CLOSED ERRATA
Severity: medium
Priority: low
Version: 5.2
CC: pasteur, tao
Target Milestone: rc
Hardware: All
OS: Linux
URL: http://lists.gnu.org/archive/html/bug-coreutils/2007-02/msg00053.html
Doc Type: Bug Fix
Last Closed: 2009-01-20 21:42:53 UTC

Description Ben Thomas 2008-05-26 23:02:00 UTC
Red Hat is shipping an older version of coreutils which contains a known bug in /bin/pwd. The details of
the issue were discussed in the GNU mailing list in February 2007 and subsequently addressed.

The effects of the issue are easy to demonstrate. Essentially pwd was altered following coreutils 5.2 to
use openat rather than getcwd. The change results in a 'Permission Denied' error and subsequent failure
of pwd to report if one of the parent directories of the current working directory does not have read
permissions.

abc@c5noxen [~]# echo $SHELL
/bin/bash
abc@c5noxen [~]# pwd
/home/abc
abc@c5noxen [~]# ls -ld . /home
drwx------ 4 abc  abc  4096 May 26 15:05 ./
drwx--x--x 7 root root 4096 May 26 15:01 /home/
abc@c5noxen [~]# /bin/pwd
/bin/pwd: cannot open directory `..': Permission denied

Under the latest version of coreutils (6.9 presently), this issue has been addressed:

abc@c5noxen [~]# /usr/local/bin/pwd
/home/abc
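
The failure described above, reproduced in C as an added example (not code from the report or from coreutils): one step of a parent-directory walk needs read permission on `..`, while getcwd() does not. It uses opendir() rather than openat(); the helper names, the /tmp path and the 0100 mode are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* One step of a manual walk-up pwd: find this directory's name by scanning ".."
 * for an entry with the same device/inode as ".". Returns 0 or an errno value. */
int name_via_parent(char *out, size_t len) {
    struct stat self, st;
    char path[PATH_MAX];
    if (stat(".", &self) != 0) return errno;
    DIR *d = opendir("..");              /* needs READ permission on the parent */
    if (d == NULL) return errno;         /* EACCES when the parent is search-only */
    int rc = ENOENT;
    struct dirent *e;
    while (rc != 0 && (e = readdir(d)) != NULL) {
        snprintf(path, sizeof path, "../%s", e->d_name);
        if (lstat(path, &st) == 0 && st.st_dev == self.st_dev && st.st_ino == self.st_ino) {
            snprintf(out, len, "%s", e->d_name);
            rc = 0;
        }
    }
    closedir(d);
    return rc;
}

/* Constructed scenario: <tmp>/parent/child, parent made search-only (0100). */
int demo(int *walk_err, int *getcwd_ok) {
    char base[] = "/tmp/pwd-demo-XXXXXX", name[NAME_MAX + 1], buf[PATH_MAX];
    if (mkdtemp(base) == NULL || chdir(base) != 0) return -1;
    if (mkdir("parent", 0700) || mkdir("parent/child", 0700)) return -1;
    if (chdir("parent/child") != 0 || chmod("..", 0100) != 0) return -1;
    *walk_err = name_via_parent(name, sizeof name);
    *getcwd_ok = getcwd(buf, sizeof buf) != NULL;  /* does not read ".." */
    if (chmod("..", 0700) != 0 || chdir(base) != 0) return -1;  /* restore, then clean up */
    rmdir("parent/child"); rmdir("parent");
    return (chdir("/") == 0 && rmdir(base) == 0) ? 0 : -1;
}

int main(void) {
    int w = 0, g = 0;
    if (demo(&w, &g) != 0) return 1;
    printf("walk via '..': %s\ngetcwd(): %s\n", w ? strerror(w) : "ok", g ? "ok" : "failed");
    return 0;
}
```

Run as an unprivileged user, the walk reports "Permission denied" while getcwd() succeeds; as root both succeed, because root bypasses the directory read check.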

Comment 1 Ondrej Vasik 2008-05-27 08:15:45 UTC
Thanks for the report.
Actually, you are wrong about the latest version of coreutils - the latest is 6.11
(and I packaged them: 6.10 is part of Fedora 9 and 6.11 of Fedora's Rawhide). Shipping
an old version of packages (not only coreutils) and fixing reported issues is the
way the RHEL system works - long-term support. The problem will get fixed in
the next RHEL-5 coreutils update.

Comment 2 RHEL Program Management 2008-06-02 19:57:12 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 3 Michael Best 2008-06-08 09:12:37 UTC
You know, the strange thing is it only fails when you call it with its full path.

[mbest@test ~]$ ls -ld . /home
drwx------ 4 mbest mbest 4096 Apr 11 00:52 .
drwx--x--x 6 root  root  4096 Apr 10 18:49 /home
[mbest@test ~]$ /bin/pwd
/bin/pwd: cannot open directory `..': Permission denied
[mbest@test ~]$ which pwd
/bin/pwd
[mbest@test ~]$ pwd
/home/mbest
[mbest@test ~]$

Comment 4 Ben Thomas 2008-06-09 15:48:40 UTC
(In reply to comment #3)
> You know, the strange thing is it only fails when you call it with its full path.

This is because without a full path, pwd is likely using the shell-defined alias rather than the coreutils
version.

Comment 17 errata-xmlrpc 2009-01-20 21:42:53 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0173.html