Date: Mon, 20 Jan 1997 22:55:34 +0100 (CET) From: Tor Egge <Tor.Egge@idt.ntnu.no> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/2541: cd (using /bin/sh) may leave you in the wrong directory Message-ID: <199701202155.WAA14878@bitbucket.idt.ntnu.no> Resent-Message-ID: <199701202200.OAA01387@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 2541 >Category: bin >Synopsis: cd (using /bin/sh) may leave you in the wrong directory >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jan 20 14:00:00 PST 1997 >Last-Modified: >Originator: Tor Egge >Organization: Norwegian University of Science and Technology, Trondheim, Norway >Release: FreeBSD 3.0-CURRENT i386 >Environment: FreeBSD ikke.idt.unit.no 3.0-CURRENT FreeBSD 3.0-CURRENT #0: Mon Jan 20 21:59:08 MET 1997 root@ikke.idt.unit.no:/usr/src/sys-UP/compile/TEGGE i386 >Description: cd (using /bin/sh) may leave you in the wrong directory. >How-To-Repeat: Run the following shell script: --- #!/bin/sh cd /tmp rm -rf /tmp/good /tmp/bad mkdir good mkdir good/some mkdir good/etc echo "Test OK" > good/etc/FILE mkdir bad mkdir bad/etc echo "Test failed" > bad/etc/FILE ln -s ../good/some bad/some cd /tmp/bad/some/../etc cat FILE /bin/pwd cd .. /bin/pwd cd /tmp rm -rf /tmp/good /tmp/bad --- >Fix: Don't blindly eliminate `..' in the target directory name by also eliminating the previous component. If the previous component was a symbolic link, the elimination might be bogus. >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199701202155.WAA14878>