Merge pull request #22440 from jamessawle/sandbox-chdir-before-exec

sandbox: chdir into tmpdir before exec to avoid getcwd EPERM

Author: MikeMcQuaid

Library/Homebrew/sandbox.rb

@@ -375,6 +375,11 @@ def run(*args)
 
                 ensure_child_tty_available
 
+                # Move into a non-denied directory before `exec` so subsequent
+                # `getcwd(3)` calls (which walk every parent) never cross a
+                # `deny_read_home` path inherited from the caller's CWD.
+                Dir.chdir(tmpdir)
+
                 worker.close_on_exec = true
                 exec(*command, in: worker, out: worker, err: worker) # And map everything to the PTY.
               else

Library/Homebrew/test/sandbox_spec.rb

@@ -43,6 +43,15 @@
         .and output(/foo/).to_stdout
     end
 
+    it "does not raise getcwd EPERM when the parent CWD is sandbox-denied" do
+      mktmpdir do |denied|
+        sandbox.deny_read_path(denied)
+        Dir.chdir(denied) do
+          expect { sandbox.run "/bin/pwd" }.not_to raise_error
+        end
+      end
+    end
+
     it "ignores bogus Python error" do
       ENV["HOMEBREW_VERBOSE"] = "1"