NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
bin/57313: find(1) needlessly bails out if CWD cannot be opened
>Number: 57313
>Category: bin
>Synopsis: find(1) needlessly bails out if CWD cannot be opened
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Mar 30 15:45:00 +0000 2023
>Originator: Timo Buhrmester
>Release: 8.2_STABLE
>Organization:
Math. Institute, Bonn University
>Environment:
NetBSD werra.math.uni-bonn.de 8.2_STABLE NetBSD 8.2_STABLE (MI-Server) #17: Fri Jul 16 14:01:03 CEST 2021 support%trave.math.uni-bonn.de@localhost:/var/work/obj-8/sys/arch/amd64/compile/miserv amd64
>Description:
There's cases where you can't find(1) for the sole reason of $CWD not being readable, even in cases where find has no business doing anything there to begin with.
$ pwd
/home/timo
$ sudo find /
find: .: Permission denied
$
The thing to note here is that /home/timo is mounted from a file server, local root is squashed to something non-root on the fileserver, therefore the local root cannot access /home/timo.
But looking at the invocation, there's no need to access /home/timo in the first place.
This is caused by find's main.c doing this:
if ((dotfd = open(".", O_RDONLY | O_CLOEXEC, 0)) == -1)
err(1, ".");
which is behavior that was already present in 386BSD.
Looking at the source, "dotfd" seems only relevant for -exec and friends, so maybe a conditional to only do that if an -exec, -ok, etc has actually been specified might be a possible solution.
>How-To-Repeat:
To avoid the whole NFS setup, the following steps will also reproduce the behavior:
(don't be root)
$ mkdir foo
$ cd foo
$ chmod 000 .
$ find /
>Fix:
find should bail out only for situations where the ability to access "." is actually required later on. It might stand to debate, whether find should care at all. It might as well just execute the -exec part and let the exec'ed program deal with the fact that it can't access it's own CWD.
Based on my limited knowledge of the internals and rationale of find(1) anyway.
Home |
Main Index |
Thread Index |
Old Index