Bug 448446
Summary: | Update coreutils to address /bin/pwd directory traversal issue | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Ben Thomas <ben> |
Component: | coreutils | Assignee: | Ondrej Vasik <ovasik> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 5.2 | CC: | pasteur, tao |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://lists.gnu.org/archive/html/bug-coreutils/2007-02/msg00053.html | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-01-20 21:42:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ben Thomas
2008-05-26 23:02:00 UTC
Thanks for report. Actually you are wrong with the latest version of coreutils - latest is 6.11 (and I packaged 6.10 is part of Fedora9 and 6.11 of Fedora's Rawhide). Shipping an old version of packages(not only coreutils) and fixing reported issues is the way how the RHEL system works - long term support. Problem will get fixed in next RHEL-5 coreutils update. This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. You know, the strange thing is it only fails when you call it with it's full path. [mbest@test ~]$ ls -ld . /home drwx------ 4 mbest mbest 4096 Apr 11 00:52 . drwx--x--x 6 root root 4096 Apr 10 18:49 /home [mbest@test ~]$ /bin/pwd /bin/pwd: cannot open directory `..': Permission denied [mbest@test ~]$ which pwd /bin/pwd [mbest@test ~]$ pwd /home/mbest [mbest@test ~]$ (In reply to comment #3) > You know, the strange thing is it only fails when you call it with it's full path. This is because without a full path, pwd is likely using the shell defined alias rather than the coreutils version. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0173.html |