NetBSD-Bugs archive


bin/57313: find(1) needlessly bails out if CWD cannot be opened



>Number:         57313
>Category:       bin
>Synopsis:       find(1) needlessly bails out if CWD cannot be opened
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 30 15:45:00 +0000 2023
>Originator:     Timo Buhrmester
>Release:        8.2_STABLE
>Organization:
Math. Institute, Bonn University
>Environment:
NetBSD werra.math.uni-bonn.de 8.2_STABLE NetBSD 8.2_STABLE (MI-Server) #17: Fri Jul 16 14:01:03 CEST 2021  support%trave.math.uni-bonn.de@localhost:/var/work/obj-8/sys/arch/amd64/compile/miserv amd64
>Description:
There are cases where you can't find(1) for the sole reason of $CWD not being readable, even in cases where find has no business doing anything there to begin with.

$ pwd
/home/timo
$ sudo find /
find: .: Permission denied
$

The thing to note here is that /home/timo is mounted from a file server, local root is squashed to something non-root on the fileserver, therefore the local root cannot access /home/timo.

But looking at the invocation, there's no need to access /home/timo in the first place.

This is caused by find's main.c doing this:

if ((dotfd = open(".", O_RDONLY | O_CLOEXEC, 0)) == -1)
    err(1, ".");

which is behavior that was already present in 386BSD.

Looking at the source, "dotfd" seems only relevant for -exec and friends, so maybe a conditional to only do that if an -exec, -ok, etc. has actually been specified might be a possible solution.
>How-To-Repeat:
To avoid the whole NFS setup, the following steps will also reproduce the behavior:

(don't be root)

$ mkdir foo
$ cd foo
$ chmod 000 .
$ find /


>Fix:
find should bail out only for situations where the ability to access "." is actually required later on. It might stand to debate whether find should care at all. It might as well just execute the -exec part and let the exec'ed program deal with the fact that it can't access its own CWD.
Based on my limited knowledge of the internals and rationale of find(1) anyway.
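
The conditional open suggested in the report, as an added example (not NetBSD's find source and not a patch from the submitter). The names plan_needs_dot and open_start_dir, the list of primaries, and the argv scan are assumptions made for illustration; a real fix would set the flag where find parses each primary.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumption: the primaries that need the start directory. The report
 * names -exec and -ok "and friends"; the full set is not given there. */
static const char *const needs_dot[] = { "-exec", "-ok", NULL };

/* Return 1 if any argument is a primary that needs the start directory. */
int plan_needs_dot(int argc, char *const argv[])
{
    for (int i = 1; i < argc; i++)
        for (int j = 0; needs_dot[j] != NULL; j++)
            if (strcmp(argv[i], needs_dot[j]) == 0)
                return 1;
    return 0;
}

/* Open the start directory only when it is required. Returns 0 and sets
 * *fdp (-1 when not needed); returns -1 with errno set when the directory
 * is needed but cannot be opened. `path` is "." in real use; it is a
 * parameter so the failure path can be tested without chmod. */
int open_start_dir(const char *path, int needed, int *fdp)
{
    *fdp = -1;
    if (!needed)
        return 0;
    *fdp = open(path, O_RDONLY | O_CLOEXEC, 0);
    return *fdp == -1 ? -1 : 0;
}

int main(int argc, char *argv[])
{
    int dotfd;
    if (open_start_dir(".", plan_needs_dot(argc, argv), &dotfd) == -1) {
        fprintf(stderr, "find: .: %s\n", strerror(errno));
        return 1;
    }
    printf("dotfd=%d\n", dotfd);   /* -1 means "." was never touched */
    if (dotfd != -1)
        close(dotfd);
    return 0;
}
```

Run from the chmod 000 directory in How-To-Repeat, this exits 0 when given only "/" and still fails with "Permission denied" when -exec is present.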


