Feature #8712

change getcwd behavior

Added by Brian De Wolf 11 days ago. Updated 7 days ago.

Status:NewStart date:2017-10-11
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Difficulty:Medium Tags:needs-triage

Description

This is a feature request to change getcwd to not implement this failure case:

GETCWD
...
The getcwd() function may fail if:

EACCES
A parent directory cannot be read to get its name.

This failure case hampers a process' ability to safely operate in a directory with shared access. The prime example of an application harmed by this is Samba. Samba exports directories via SMB. When Samba moves around the exported directory, it uses getcwd to validate it hasn't left the exported tree. With the failure case described above, a user can set permissions on their own directories such that getcwd fails. If getcwd is unreliable, Samba is unable to verify its location and refuses to perform certain actions.

Samba's other major platforms (Linux, FreeBSD) do not have this restriction in their getcwd implementation. I was also informed by an Oracle engineer that Solaris 11 and Solaris 10U11 have changed getcwd's behavior as well.

Can getcwd be changed to match other modern platforms while still following the standard?

Samba bug: https://bugzilla.samba.org/show_bug.cgi?id=13027
illumos-discuss thread: https://illumos.topicbox.com/groups/discuss/T1bf578bf66b8b8b0

History

#1 Updated by Paul Henson 7 days ago

Not sure how relevant these are, but a couple links posted on the mailing list so you don't have to dig for them:

https://blogs.oracle.com/casper/solaris-11:-evolution-of-vpath

https://blogs.oracle.com/casper/getcwdnull,-0-revisited

Also available in: Atom