Bug 448446 - Update coreutils to address /bin/pwd directory traversal issue
Update coreutils to address /bin/pwd directory traversal issue
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: coreutils (Show other bugs)
All Linux
low Severity medium
: rc
: ---
Assigned To: Ondrej Vasik
Depends On:
  Show dependency treegraph
Reported: 2008-05-26 19:02 EDT by Ben Thomas
Modified: 2010-10-22 21:28 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-01-20 16:42:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ben Thomas 2008-05-26 19:02:00 EDT
RedHat is shipping an older version of coreutils which contains a known bug in /bin/pwd. The details of 
the issue were discussed in the GNU mailing list in February 2007 and subsequently addressed.

The effects of the issue are easy to demonstrate. Essentially pwd was altered following coreutils 5.2 to 
use openat rather that getcwd. The change results in a 'Permission Denied' error and subsequent failure 
of pwd to report if one of the parent directories of the current working directory do not have read 

abc@c5noxen [~]# echo $SHELL
abc@c5noxen [~]# pwd
abc@c5noxen [~]# ls -ld . /home
drwx------ 4 abc  abc  4096 May 26 15:05 ./
drwx--x--x 7 root root 4096 May 26 15:01 /home/
abc@c5noxen [~]# /bin/pwd
/bin/pwd: cannot open directory `..': Permission denied

Under the latest version of coreutils (6.9 presently), this issue has been addressed:

abc@c5noxen [~]# /usr/local/bin/pwd
Comment 1 Ondrej Vasik 2008-05-27 04:15:45 EDT
Thanks for report.
Actually you are wrong with the latest version of coreutils - latest is 6.11
(and I packaged 6.10 is part of Fedora9 and 6.11 of Fedora's Rawhide). Shipping
an old version of packages(not only coreutils) and fixing reported issues is the
way how the RHEL system works - long term support. Problem will get fixed in
next RHEL-5 coreutils update.
Comment 2 RHEL Product and Program Management 2008-06-02 15:57:12 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 3 Michael Best 2008-06-08 05:12:37 EDT
You know, the strange thing is it only fails when you call it with it's full path.

[mbest@test ~]$ ls -ld . /home
drwx------ 4 mbest mbest 4096 Apr 11 00:52 .
drwx--x--x 6 root  root  4096 Apr 10 18:49 /home
[mbest@test ~]$ /bin/pwd
/bin/pwd: cannot open directory `..': Permission denied
[mbest@test ~]$ which pwd
[mbest@test ~]$ pwd
[mbest@test ~]$
Comment 4 Ben Thomas 2008-06-09 11:48:40 EDT
(In reply to comment #3)
> You know, the strange thing is it only fails when you call it with it's full path.

This is because without a full path, pwd is likely using the shell defined alias rather than the coreutils 
Comment 17 errata-xmlrpc 2009-01-20 16:42:53 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.