Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!gem.mps.ohio-state.edu!apple!agate!ucbvax!ulysses!gsf
From: gsf@ulysses.homer.nj.att.com (Glenn Fowler[drew])
Newsgroups: comp.unix.wizards
Subject: Re: Inside PWD
Summary: optimized getcwd()
Message-ID: <12291@ulysses.homer.nj.att.com>
Date: 17 Oct 89 00:59:22 GMT
References: <166@volvo.vd.volvo.se> <1281@virtech.UUCP> <11310@smoke.BRL.MIL>
Organization: AT&T Bell Laboratories, Murray Hill
Lines: 24

In article <11310@smoke.BRL.MIL>, gwyn@smoke.BRL.MIL (Doug Gwyn) writes:
> In article <1281@virtech.UUCP> cpcahil@virtech.UUCP (Conor P. Cahill) writes:
> >BTW - there is no system call to do this because the system doesn't know
> >where you are (other than the inode of your current directory).
...
> If the c.w.d. could reliably be trusted to be in an environment variable,
> then an alternate, and generally less confusing, implementation of getcwd()
> suggests itself.  However, it wouldn't be reliable from a security standpoint.

the environment c.w.d. can be verified by two quick stat()'s at the top of
getcwd():

	/* NOTE: $PWD could be . */
	if ((pwd = getenv("PWD")) && *pwd == '/' &&
	    stat(".", &dot) != -1 && stat(pwd, &cwd) != -1 &&
	    dot.st_dev == cwd.st_dev && dot.st_ino == cwd.st_ino)
	{
		/* pwd is a rooted path to c.w.d. */
	}

is there some security issue missing here?
-- 
Glenn Fowler    (201)-582-2195    AT&T Bell Laboratories, Murray Hill, NJ
uucp: {att,decvax,ucbvax}!ulysses!gsf       internet: gsf@ulysses.att.com