Inside PWD
Glenn Fowler[drew]
gsf at ulysses.homer.nj.att.com
Tue Oct 17 10:59:22 AEST 1989
In article <11310 at smoke.BRL.MIL>, gwyn at smoke.BRL.MIL (Doug Gwyn) writes:
> In article <1281 at virtech.UUCP> cpcahil at virtech.UUCP (Conor P. Cahill) writes:
> >BTW - there is no system call to do this because the system doesn't know
> >where you are (other than the inode of your current directory).
...
> If the c.w.d. could reliably be trusted to be in an environment variable,
> then an alternate, and generally less confusing, implementation of getcwd()
> suggests itself. However, it wouldn't be reliable from a security standpoint.
the environment c.w.d. can be verified by two quick stat()'s at the top of
getcwd():
/* NOTE: $PWD could be . */
if ((pwd = getenv("PWD")) && *pwd == '/' &&
stat(".", &dot) != -1 && stat(pwd, &cwd) != -1 &&
dot.st_dev == cwd.st_dev && dot.st_ino == cwd.st_ino)
{
/* pwd is a rooted path to c.w.d. */
}
is there some security issue missing here?
--
Glenn Fowler (201)-582-2195 AT&T Bell Laboratories, Murray Hill, NJ
uucp: {att,decvax,ucbvax}!ulysses!gsf internet: gsf at ulysses.att.com
More information about the Comp.unix.wizards
mailing list