linux: make getcwd(3) fail if it cannot obtain an absolute path [BZ #22679]

Currently getcwd(3) can succeed without returning an absolute path
because the underlying getcwd syscall, starting with linux commit
v2.6.36-rc1~96^2~2, may succeed without returning an absolute path.

This is a conformance issue because "The getcwd() function shall
place an absolute pathname of the current working directory
in the array pointed to by buf, and return buf".

This is also a security issue because a non-absolute path returned
by getcwd(3) causes a buffer underflow in realpath(3).

Fix this by checking the path returned by getcwd syscall and falling
back to generic_getcwd if the path is not absolute, effectively making
getcwd(3) fail with ENOENT.  The error code is chosen for consistency
with the case when the current directory is unlinked.

[BZ #22679]
CVE-2018-1000001
* sysdeps/unix/sysv/linux/getcwd.c (__getcwd): Fall back to
generic_getcwd if the path returned by getcwd syscall is not absolute.
* io/tst-getcwd-abspath.c: New test.
* io/Makefile (tests): Add tst-getcwd-abspath.

1 files changed, 4 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 75bf467..79736db 100644
--- a/NEWS
+++ b/NEWS
@@ -199,6 +199,10 @@ Security related changes:
   for AT_SECURE or SUID binaries could be used to load libraries from the
   current directory.
 
+  CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
+  succeeds without returning an absolute path due to unexpected behaviour
+  of the Linux kernel getcwd syscall.  Reported by halfdog.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by