illumos gate

I have no clue what this code does... but... maybe the intention of the code was/is to get the physical path (e.g. pwd -P) instead of the logical path name returned by |getcwd()|.
Example:
The ksh/bash "pwd" builtin returns the logical path name while the external /usr/bin/pwd utilitz returns the physical path name:
$ cd /usr/lib/32/32/32/
$ pwd
/usr/lib/32/32/32
$ /usr/bin/pwd
/usr/lib


getcwd(3C) returns the physical pathname too, so there'd be no difference here. I think it's just ancient code.

The SunOS-compat libbc getcwd() uses "pwd" too (most unsafely), Gordon thinks possibly to get some special-cased behaviour of the old SunOS pwd relating to the old automounter. Perhaps they have the same reasons (though at is from AT&T, and libbc from Berkeley)

Rich Lowe wrote:

getcwd(3C) returns the physical pathname too, so there'd be no difference here. I think it's just ancient code.

Mhhh... I am still wondering why it explicitly uses /usr/bin/pwd as external process. |getcwd()| is a quite old function in libc and somehow I am wondering why noone complained about the extra process |fork()| if it would be unneccesary...

Well, if the code existed on 4, libc would be forking for it too, so there'd be no savings. Special casing of the old automount behaviour (the BSD automount behaviour, with /tmp_mnt/ or whatever it was) would probably be seen as a feature.

There should be no difference in, for eg, behaviour in a directory to which you don't have permission to read or enter after the setuid.

Gary Mills wrote:

The `at' command runs setuid root. It has to determine
the user's CWD so that it can later execute the at job from
the same directory. It runs /usr/bin/pwd in a pipe to obtain
this information. The `getcwd()' function also runs `pwd'
in a pipe, expecting /usr/bin to be in the PATH.

You're looking at the wrong getcwd(). The SunOS compat getcwd() behaves as you describe, the real getcwd() is a system call.

(src/lib/libbc is the SunOS compat library, the real C library is src/lib/libc)

Yes, I was looking at the wrong getcwd(). With the right
one, changes are possible. Even the fork() is no longer
needed, as long as getcwd() runs as the user to handle the
NFS case. Something like this might work:

realusr = getuid();
(void) setuid(realusr);
getcwd(dirbuf, sizeof(dirbuf));
(void) setuid(0);

Of course I meant to set only the effective UID, like this:

realusr = getuid();
(void) seteuid(realusr);
getcwd(dirbuf, sizeof(dirbuf));
(void) seteuid(0);