Bug 448446 - Update coreutils to address /bin/pwd directory traversal issue
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: coreutils
Version: 5.2
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
Assignee: Ondrej Vasik
QA Contact:
URL: http://lists.gnu.org/archive/html/bug...
Whiteboard:
Depends On:
Blocks:
Reported: 2008-05-26 23:02 UTC by Ben Thomas
Modified: 2018-10-20 02:15 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-01-20 21:42:53 UTC
Target Upstream Version:
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHBA-2009:0173 | 0 | normal | SHIPPED_LIVE | coreutils bug fix update | 2009-01-20 16:05:40 UTC

Description Ben Thomas 2008-05-26 23:02:00 UTC
Red Hat is shipping an older version of coreutils which contains a known bug in /bin/pwd. The details of
the issue were discussed in the GNU mailing list in February 2007 and subsequently addressed.

The effects of the issue are easy to demonstrate. Essentially pwd was altered following coreutils 5.2 to
use openat rather than getcwd. The change results in a 'Permission Denied' error and subsequent failure
of pwd to report if one of the parent directories of the current working directory does not have read
permissions.

abc@c5noxen [~]# echo $SHELL
/bin/bash
abc@c5noxen [~]# pwd
/home/abc
abc@c5noxen [~]# ls -ld . /home
drwx------ 4 abc  abc  4096 May 26 15:05 ./
drwx--x--x 7 root root 4096 May 26 15:01 /home/
abc@c5noxen [~]# /bin/pwd
/bin/pwd: cannot open directory `..': Permission denied

Under the latest version of coreutils (6.9 presently), this issue has been addressed:

abc@c5noxen [~]# /usr/local/bin/pwd
/home/abc
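
Added example (not part of the original report and not coreutils code): a C program that contrasts getcwd() with a lookup that scans `..`, inside a constructed temporary tree whose parent directory is search-only, like /home in the listing above. The function names, the /tmp/pwd-demo-XXXXXX path, and the use of opendir("..") to stand in for the step behind the "cannot open directory `..'" error are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Name the current directory by scanning ".." for an entry with the same
   device/inode pair. Returns 0 on success, otherwise an errno value. */
int name_via_parent_scan(char *name, size_t len)
{
    struct stat here, ent;
    struct dirent *d;
    int rc = ENOENT;
    if (stat(".", &here) != 0) return errno;
    DIR *up = opendir("..");       /* needs READ permission on the parent */
    if (up == NULL) return errno;  /* EACCES when the parent is search-only */
    while (rc == ENOENT && (d = readdir(up)) != NULL) {
        if (!strcmp(d->d_name, ".") || !strcmp(d->d_name, "..")) continue;
        if (fstatat(dirfd(up), d->d_name, &ent, AT_SYMLINK_NOFOLLOW) == 0 &&
            ent.st_dev == here.st_dev && ent.st_ino == here.st_ino)
            rc = snprintf(name, len, "%s", d->d_name) < (int)len ? 0 : ENAMETOOLONG;
    }
    closedir(up);
    return rc;
}

/* Constructed scenario: cwd is <tmp>/parent/cwd, parent is mode 0111. Stores each strategy's errno. */
int run_demo(int *getcwd_err, int *scan_err)
{
    char top[] = "/tmp/pwd-demo-XXXXXX", buf[4096], name[256];
    int saved = open(".", O_RDONLY);           /* remember where we started */
    if (saved < 0 || mkdtemp(top) == NULL || chdir(top)) return -1;
    if (mkdir("parent", 0700) || mkdir("parent/cwd", 0700) ||
        chdir("parent/cwd") || chmod("..", 0111)) return -1;
    *getcwd_err = getcwd(buf, sizeof buf) ? 0 : errno;  /* kernel resolves the path */
    *scan_err = name_via_parent_scan(name, sizeof name);
    if (chmod("..", 0700) || chdir("../..") || rmdir("parent/cwd") ||
        rmdir("parent") || fchdir(saved) || rmdir(top)) return -1;
    return close(saved);
}

int main(void)
{
    int g = -1, s = -1, rc = run_demo(&g, &s);
    printf("setup=%d getcwd errno=%d parent-scan errno=%d\n", rc, g, s);
    return rc != 0;
}
```

When run as root the scan succeeds as well, because root bypasses the directory read-permission check.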

Comment 1 Ondrej Vasik 2008-05-27 08:15:45 UTC
Thanks for the report.
Actually you are wrong about the latest version of coreutils - the latest is 6.11
(I packaged it; 6.10 is part of Fedora 9 and 6.11 of Fedora's Rawhide). Shipping
old versions of packages (not only coreutils) and fixing reported issues is
how the RHEL system works - long-term support. The problem will get fixed in
the next RHEL-5 coreutils update.

Comment 2 RHEL Program Management 2008-06-02 19:57:12 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 3 Michael Best 2008-06-08 09:12:37 UTC
You know, the strange thing is it only fails when you call it with its full path.

[mbest@test ~]$ ls -ld . /home
drwx------ 4 mbest mbest 4096 Apr 11 00:52 .
drwx--x--x 6 root  root  4096 Apr 10 18:49 /home
[mbest@test ~]$ /bin/pwd
/bin/pwd: cannot open directory `..': Permission denied
[mbest@test ~]$ which pwd
/bin/pwd
[mbest@test ~]$ pwd
/home/mbest
[mbest@test ~]$

Comment 4 Ben Thomas 2008-06-09 15:48:40 UTC
(In reply to comment #3)
> You know, the strange thing is it only fails when you call it with its full path.

This is because without a full path, pwd is likely using the shell-defined alias rather than the coreutils
version.

Comment 17 errata-xmlrpc 2009-01-20 21:42:53 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0173.html

