chmod: Incomplete safe traversal/access #9541
Description
As of 3b0f47d from earlier today:
$ mkdir -p x/y/z
$ strace ./target/debug/chmod -R +x x
statx(AT_FDCWD, "x/y/z", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFDIR|0775, stx_size=6, ...}) = 0
statx(AT_FDCWD, "x/y/z", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFDIR|0775, stx_size=6, ...}) = 0
statx(AT_FDCWD, "x/y/z", AT_STATX_SYNC_AS_STAT, STATX_ALL, {stx_mask=STATX_ALL|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFDIR|0775, stx_size=6, ...}) = 0
openat(AT_FDCWD, "x/y/z", O_RDONLY|O_CLOEXEC|O_DIRECTORY) = 5
We can see that while it uses the "safe" calls it uses them with AT_FDCWD and the complete path instead of the path relative to the fd (here it would have to be function(4, "z", ...), not function(AT_FDCWD, "x/y/z", ...)