Follow-up Comment #1, bug #18466 (project findutils):
This patch is a quick hack; it won't work on systems like mingw that lack
fchdir (although this is not much of a loss, since gnulib's fts currently
requires fchdir, and will be resolved once someone contributes a gnulib
fchdir module), or where . cannot be returned to (also not much of a loss,
since without FTS_CWDFD, you are already performing chdirs, so it is only
extreme race cases that can cause problems, and this is not adding to the
vulnerability). Since it is a hack, I did not bother checking for failure;
all the more reason to not accept this patch as-is. But with this hack
applied, the testcase mentioned in the original report uses the correct
directory.
IMO, a better solution would be to use gnulib's FTS_CWDFD so that the
traversal never changes working directories, then do fchdir inside launch(),
after the fork but before the exec. But converting ftsfind to use FTS_CWDFD
seemed like a more time-consuming project, not to mention that all callers of
launch would need a change to pass the target working directory fd.
2006-12-05 Eric Blake <[EMAIL PROTECTED]>
Hack - use at your own risk:
* find/ftsfind.c (consider_visiting): Save and restore
directories, so that -execdir runs in the correct location.
(file #11460)
_______________________________________________________
Additional Item Attachment:
File name: findutils.patch2 Size:0 KB
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?18466>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
_______________________________________________
Bug-findutils mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/bug-findutils
