linux-man.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] getcwd.3: Mention that "(unreachable)" is no longer returned for glibc > 2.27.
@ 2018-02-05 20:34 Carlos O'Donell
  2018-04-12 11:50 ` Michael Kerrisk (man-pages)
  0 siblings, 1 reply; 2+ messages in thread
From: Carlos O'Donell @ 2018-02-05 20:34 UTC (permalink / raw)
  To: Michael Kerrisk, linux-man-u79uwXL29TY76Z2rM5mHXA, GNU C Library
  Cc: Florian Weimer

Michael,

With glibc fix 52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94 for
CVE-2018-1000001 (Sourceware BZ #22679) the implementation in the
just released glibc 2.27 has been changed such that instead of
returning "(unreachable)" the implementation now returns ENOENT
as it would have if the current directory had been unlinked.

I see that in 2015 the quirk was documented in commit
a2ac97c78bf05a55f8f616fc39a4724372dcfa95, and this is no longer
true with glibc 2.27, but may continue to be true in other C libraries,
so I reference NOTES from the paragraph in the central text.

Signed-off-by: Carlos O'Donell <carlos-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>

diff --git a/man3/getcwd.3 b/man3/getcwd.3
index ff953a7d0..3c41736c9 100644
--- a/man3/getcwd.3
+++ b/man3/getcwd.3
@@ -91,7 +91,9 @@ the current directory into another mount namespace.
 When dealing with paths from untrusted sources, callers of these
 functions should consider checking whether the returned path starts
 with '/' or '(' to avoid misinterpreting an unreachable path
-as a relative path.
+as a relative path. This is no longer true under some C libraries,
+see
+.BR NOTES .
 .PP
 The
 .BR getcwd ()
@@ -270,6 +272,16 @@ generic implementation is called.
 Only in that case can
 these calls fail under Linux with
 .BR EACCES .
+.PP
+Since Linux commit v2.6.36 which added "(unreachable)" the glibc
+.BR getcwd ()
+has failed to conform to POSIX and returned a relative path when the API
+contract requires an absolute path. With glibc 2.27 onwards this is corrected;
+calling
+.BR getcwd ()
+from such a path will now result in failure with
+.BR ENOENT .
+
 .PP
 These functions are often used to save the location of the current working
 directory for the purpose of returning to it later.
---

-- 
Cheers,
Carlos.
--
To unsubscribe from this list: send the line "unsubscribe linux-man" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] getcwd.3: Mention that "(unreachable)" is no longer returned for glibc > 2.27.
  2018-02-05 20:34 [PATCH] getcwd.3: Mention that "(unreachable)" is no longer returned for glibc > 2.27 Carlos O'Donell
@ 2018-04-12 11:50 ` Michael Kerrisk (man-pages)
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Kerrisk (man-pages) @ 2018-04-12 11:50 UTC (permalink / raw)
  To: Carlos O'Donell, linux-man, GNU C Library
  Cc: mtk.manpages, Florian Weimer

Hello Carlos,

On 02/05/2018 09:34 PM, Carlos O'Donell wrote:
> Michael,
> 
> With glibc fix 52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94 for
> CVE-2018-1000001 (Sourceware BZ #22679) the implementation in the
> just released glibc 2.27 has been changed such that instead of
> returning "(unreachable)" the implementation now returns ENOENT
> as it would have if the current directory had been unlinked.
> 
> I see that in 2015 the quirk was documented in commit
> a2ac97c78bf05a55f8f616fc39a4724372dcfa95, and this is no longer
> true with glibc 2.27, but may continue to be true in other C libraries,
> so I reference NOTES from the paragraph in the central text.

Thanks. Patch applied.

Cheers,

Michael

> Signed-off-by: Carlos O'Donell <carlos@redhat.com>
> 
> diff --git a/man3/getcwd.3 b/man3/getcwd.3
> index ff953a7d0..3c41736c9 100644
> --- a/man3/getcwd.3
> +++ b/man3/getcwd.3
> @@ -91,7 +91,9 @@ the current directory into another mount namespace.
>  When dealing with paths from untrusted sources, callers of these
>  functions should consider checking whether the returned path starts
>  with '/' or '(' to avoid misinterpreting an unreachable path
> -as a relative path.
> +as a relative path. This is no longer true under some C libraries,
> +see
> +.BR NOTES .
>  .PP
>  The
>  .BR getcwd ()
> @@ -270,6 +272,16 @@ generic implementation is called.
>  Only in that case can
>  these calls fail under Linux with
>  .BR EACCES .
> +.PP
> +Since Linux commit v2.6.36 which added "(unreachable)" the glibc
> +.BR getcwd ()
> +has failed to conform to POSIX and returned a relative path when the API
> +contract requires an absolute path. With glibc 2.27 onwards this is corrected;
> +calling
> +.BR getcwd ()
> +from such a path will now result in failure with
> +.BR ENOENT .
> +
>  .PP
>  These functions are often used to save the location of the current working
>  directory for the purpose of returning to it later.
> ---
> 


-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2018-04-12 11:50 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-02-05 20:34 [PATCH] getcwd.3: Mention that "(unreachable)" is no longer returned for glibc > 2.27 Carlos O'Donell
2018-04-12 11:50 ` Michael Kerrisk (man-pages)

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).