i386/113951: The builtin pwd in sh has odd behavior

[Jam]

>Number:         113951
>Category:       i386
>Synopsis:       The builtin pwd in sh has odd behavior
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-i386
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jun 22 16:30:03 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Jam
>Release:        FreeBSD 6.2-STABLE
>Organization:
Bam
>Environment:
FreeBSD server.xxx.no-ip.com 6.2-STABLE FreeBSD 6.2-STABLE #1: Mon Jun 11 03:25:39 EDT 2007     root at server.xxx.no-ip.com:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
the builtin pwd of sh has odd behavior when trying to chdir to an unreadable and unexecutable directory.
>How-To-Repeat:
Assuming you have a limited user account named 'limiteduser'

1. Make a directory while logged in to root named '/usr/home/limiteduser/offlimit' for example
2. Do 'chmod go=- /usr/home/limiteduser/offlimit'
3. Login from the limited account which uses 'sh' as default shell
4. Do 'cd offlimit'
5. Now check 'pwd' (this will probably call sh's built in pwd)... pwd will wrongfully show that you have successfully chdir'ed.
6. To make this problem look worse, try to 'cd offlimit' again.
7. Your 'pwd' will no doubt look like /usr/home/limiteduser/offlimit/offlimit
8. Keep doing step 6 and pwd will grow and grow and grow ... until it hits a resource limit or something
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted: