Message-Id: <200608031152.k73BqjCn031317@www.freebsd.org>
Date: Thu, 3 Aug 2006 11:52:45 GMT
From: Aragon Gouveia <aragon@phat.za.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: /bin/sh pwd bug after cd into restricted directory
X-Send-Pr-Version: www-2.3

>Number:         101316
>Category:       bin
>Synopsis:       /bin/sh pwd bug after cd into restricted directory
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    stefanf
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 03 12:00:34 GMT 2006
>Closed-Date:    Sun Apr 20 18:10:47 UTC 2008
>Last-Modified:  Sun Apr 20 18:10:47 UTC 2008
>Originator:     Aragon Gouveia
>Release:        6.1-RELEASE
>Organization:
>Environment:
FreeBSD <snip> 6.1-RELEASE-p3 FreeBSD 6.1-RELEASE-p3 #0: Fri Jul 14 15:05:23 UTC 2006     root@<snip>:/usr/src/sys/i386/compile/PAVLOV  i386
>Description:
After attempting (and failing) to cd into a directory whose permissions
restrict that access, the $PWD and output of pwd reflect that I am in that
directory.  But performing a file listing confirms that I am not.

>How-To-Repeat:
$ cd /var/db
$ ls -l
total 974
drwx------   2 operator  operator     512 Aug  3 11:44 entropy
drwx------   2 root      wheel        512 May  7 03:54 ipf
-r--r--r--   1 nobody    wheel     953165 Jul 29 04:15 locate.database
-rw-r--r--   1 root      wheel          0 Jul 12 09:10 mountdtab
-rw-r--r--   1 root      wheel          7 Aug  3 11:07 ntp.drift
drwxr-xr-x  35 root      wheel       1024 Jul 18 11:04 pkg
drwxr-xr-x   8 root      wheel        512 Jul 18 10:59 ports
drwxr-xr-x   2 root      wheel        512 May  7 03:54 portsnap
drwxr-xr-x  46 root      wheel       1024 Jul 14 09:21 sup
$ pwd
/var/db
$ cd ipf
cd: can't cd to ipf
$ pwd
/var/db/ipf
$ ls -l
total 974
drwx------   2 operator  operator     512 Aug  3 11:44 entropy
drwx------   2 root      wheel        512 May  7 03:54 ipf
-r--r--r--   1 nobody    wheel     953165 Jul 29 04:15 locate.database
-rw-r--r--   1 root      wheel          0 Jul 12 09:10 mountdtab
-rw-r--r--   1 root      wheel          7 Aug  3 11:07 ntp.drift
drwxr-xr-x  35 root      wheel       1024 Jul 18 11:04 pkg
drwxr-xr-x   8 root      wheel        512 Jul 18 10:59 ports
drwxr-xr-x   2 root      wheel        512 May  7 03:54 portsnap
drwxr-xr-x  46 root      wheel       1024 Jul 14 09:21 sup
$ cd ..
$ pwd
/var/db
$ ls -l
total 974
drwx------   2 operator  operator     512 Aug  3 11:44 entropy
drwx------   2 root      wheel        512 May  7 03:54 ipf
-r--r--r--   1 nobody    wheel     953165 Jul 29 04:15 locate.database
-rw-r--r--   1 root      wheel          0 Jul 12 09:10 mountdtab
-rw-r--r--   1 root      wheel          7 Aug  3 11:07 ntp.drift
drwxr-xr-x  35 root      wheel       1024 Jul 18 11:04 pkg
drwxr-xr-x   8 root      wheel        512 Jul 18 10:59 ports
drwxr-xr-x   2 root      wheel        512 May  7 03:54 portsnap
drwxr-xr-x  46 root      wheel       1024 Jul 14 09:21 sup

>Fix:

>Release-Note:
>Audit-Trail:

From: "Michael MacInnis" <michaelmacinnis@rogers.com>
To: <bug-followup@FreeBSD.org>,
	<aragon@phat.za.net>
Cc:  
Subject: Re: bin/101316: /bin/sh pwd bug after cd into restricted directory
Date: Fri, 18 Aug 2006 11:42:20 -0400

 Adding a call to updatepwd(NULL) in cd.c seems to fix the problem:
 
 @@ -202,6 +202,7 @@
  
  	INTOFF;
  	if (updatepwd(badstat ? NULL : dest) < 0 || chdir(curdir) < 0) {
 +		updatepwd(NULL);
  		INTON;
  		return (-1);
  	}
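
Review bot: the added updatepwd(NULL) inside the failure branch discards its return value, although the condition directly above it treats updatepwd(...) < 0 as an error, and it runs for both failure causes (the first updatepwd() failing as well as chdir(curdir) failing). It also repairs the state after the fact: the condition calls updatepwd() before chdir(), so calling chdir() first and updating only on success would leave nothing to undo. If the call stays, add a comment saying what it is meant to restore and decide what happens when it returns < 0.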
 
 This may also address PR bin/64990.
 
 Michael MacInnis.
Responsible-Changed-From-To: freebsd-bugs->stefanf 
Responsible-Changed-By: le 
Responsible-Changed-When: Fri Mar 30 17:00:34 UTC 2007 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=101316 
State-Changed-From-To: open->patched 
State-Changed-By: stefanf 
State-Changed-When: Sun Feb 24 16:53:02 UTC 2008 
State-Changed-Why:  
Fixed in HEAD. 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: bin/101316: commit references a PR
Date: Sun, 24 Feb 2008 16:51:01 +0000 (UTC)

 stefanf     2008-02-24 16:50:55 UTC
 
   FreeBSD src repository
 
   Modified files:
     bin/sh               cd.c 
   Log:
   Split updatepwd() into two smaller functions.  The first one, findpwd(),
   computes the new path and the second one, updatepwd(), updates the variables
   PWD, OLDPWD and the path used for the pwd builtin according to the new
   directory.  For a logical directory change, chdir() is now called between
   those two functions, no longer causing wrong values to be stored in PWD etc. if
   it fails.
   
   PR:     64990, 101316, 120571
   
   Revision  Changes    Path
   1.36      +45 -38    src/bin/sh/cd.c
 
State-Changed-From-To: patched->closed 
State-Changed-By: stefanf 
State-Changed-When: Sun Apr 20 18:10:42 UTC 2008 
State-Changed-Why:  
Merged to RELENG_6 and RELENG_7. 
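
The ordering described in the commit log above (compute the path, call chdir(), and only then record the new directory), as an added example; it is not the code from src/bin/sh/cd.c. `struct cwd_state`, `find_path`, `logical_cd`, `cd_leaves` and `PATHLEN` are hypothetical names, the paths in `main` are constructed, and `.`/`..` normalisation is left out.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define PATHLEN 1024	/* example buffer size, not the shell's */

/* Hypothetical stand-in for the shell's PWD/OLDPWD bookkeeping. */
struct cwd_state {
	char pwd[PATHLEN];
	char oldpwd[PATHLEN];
};

/* Step 1: compute the target path; reads the state, never writes it. */
static int
find_path(const struct cwd_state *st, const char *dest, char *out, size_t len)
{
	const char *base = (dest[0] == '/' || strcmp(st->pwd, "/") == 0) ? "" : st->pwd;
	int n = snprintf(out, len, "%s%s%s", base, dest[0] == '/' ? "" : "/", dest);
	return ((n < 0 || (size_t)n >= len) ? -1 : 0);
}

/* Logical cd: compute, chdir(), and only then record the new directory. */
int
logical_cd(struct cwd_state *st, const char *dest)
{
	char target[PATHLEN];

	if (find_path(st, dest, target, sizeof(target)) < 0)
		return (-1);
	if (chdir(target) < 0)	/* step 2: may fail with EACCES, ENOENT, ... */
		return (-1);	/* nothing recorded yet, so nothing to undo */
	/* Step 3: commit. Reached only when the process really moved. */
	snprintf(st->oldpwd, sizeof(st->oldpwd), "%s", st->pwd);
	snprintf(st->pwd, sizeof(st->pwd), "%s", target);
	return (0);
}

/* Self-check: cd from `start` to `dest`, then compare the recorded state. */
int
cd_leaves(const char *start, const char *dest, const char *want_pwd,
    const char *want_old)
{
	struct cwd_state st = { "", "" };
	snprintf(st.pwd, sizeof(st.pwd), "%s", start);
	(void)logical_cd(&st, dest);
	return (strcmp(st.pwd, want_pwd) == 0 && strcmp(st.oldpwd, want_old) == 0);
}

int main(void) { return (cd_leaves("/", "no-such-dir-example", "/", "") ? 0 : 1); }
```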

>Unformatted:
