here's an unnecessary fix (Re: standards/44425: getcwd() succeedseven if current dir has perm 000)

Wed May 28 11:40:15 PDT 2003

The following reply was made to PR standards/44425; it has been noted by GNATS.

From: "Dorr H. Clark" <dclark at applmath.scu.edu>
To: freebsd-gnats-submit at FreeBSD.org, behanna at zbzoom.net,
	freebsd-standards at FreeBSD.org
Cc:  
Subject: here's an unnecessary fix (Re: standards/44425: getcwd() succeeds even 
 if current dir has perm 000)
Date: Wed, 28 May 2003 10:19:30 -0700

 The bug 44425 has a straightforward fix,
 but our research indicates that the fix is not required
 by the standard.  The man page indicates that getcwd()
 conforms to POSIX.1, which we quote:

 POSIX.1 section B.5.2.2 :
 "If a program is operating in a directory where some
 (grand)parent directory does not permit reading,
 getcwd() MAY fail, ... "  (emphasis added)

 In otherwords, the behavior described in 44425 is acceptable.  
 We have implemented a fix anyway.  In a situation like this,
 where we're adding a VOP interface into a system call (see below), 
 performance should also be considered.  The routine getcwd()
 is not typically a performance critical component of the file
 system code, but a clear case exists for keeping the code
 the way it is instead of applying the enclosed patch.
 Care also should be taken that there are no unexpected side effects
 for programs which rely on the standard for normal operation.

 Note:  If you're really interested in file system restricted
 access for particular users, you might check out the "jail"
 functionality.

 What follows is the actual fix.

 Fix applies to src/sys/kern/vfs_cache.c, please note that our
 implementation is applied to the 4.7 baseline.

 --- vfs_cache.c_orig    Wed Apr 30 05:43:20 2003
 +++ vfs_cache.c Tue May 13 08:45:21 2003
 @@ -546,6 +546,7 @@
         struct filedesc *fdp;
         struct namecache *ncp;
         struct vnode *vp;
 +       struct vattr vattr; /* attributes of vnode */

         numcwdcalls++;
         if (disablecwd)
 @@ -579,6 +580,22 @@
                         free(buf, M_TEMP);
                         return (ENOENT);
                 }
 +
 +               if ((error = VOP_GETATTR(ncp->nc_vp, &vattr, p->p_ucred,
 p)) != 0) {
 +                     free(buf, M_TEMP);
 +                     return(error);
 +               }
 +                       
 +
 +       /* check if read or search permissions are denied, if so, then
 +          return an EACCES error and exit.
 +        */
 + 
 +               if (!(vattr.va_mode & VEXEC) || (!(vattr.va_mode &
 VREAD))) {
 +                     free(buf, M_TEMP);
 +                     return(EACCES);
 +               }
 +               
                 if (ncp->nc_dvp != vp->v_dd) {
                         numcwdfail3++;
                         free(buf, M_TEMP);

 Kalpana Pathak, engineer
 Dorr H. Clark, advisor
 COEN 284, Operating Systems Case Study
 Santa Clara University