tech-toolchain archive


Re: TOCTOU bug in make(1)



On Thu, Oct 06, 2022 at 09:43:35PM +0200, Joerg Sonnenberger wrote:
 > > I ran CodeQL, a SAST tool, against trunk. It found a TOCTOU vulnerability
 > > in the `unlink_file` function of make(1). The function is a small wrapper
 > > over unlink(2), but it first checks that the file exists using lstat(2).
 > > Although I don't see an immediate danger here, I admit I'm not
 > > very imaginative for vulnerabilities.
 > 
 > This is necessary for historic reasons because old UNIX systems allowed
 > unlink(2) on directories with bad consequences.

Also, even if unlink() on a directory actually results in a correct
rmdir, changing the behavior of that function so that delete-target-
on-error sometimes removes directories and sometimes doesn't,
depending on the OS or even on the filesystem in use, doesn't seem
like a good idea.

Meanwhile, make is unprivileged and it already by design executes
arbitrary code from its input files, so it would be very difficult to
create any kind of situation that could reasonably be called a
"vulnerability".

-- 
David A. Holland
dholland%netbsd.org@localhost
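As an added example, not make(1)'s own code and not from anyone in this thread: the lstat-then-unlink wrapper the thread describes, with the race window marked, plus a probe of what a bare unlink(2) does to a directory on the system it runs on. The function names and the /tmp scratch paths are this example's own.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* The check-then-act wrapper as the thread describes it: lstat(2), refuse
 * directories, then unlink(2). Returns 0 on success, -1 with errno set.
 * The gap between the two calls is the TOCTOU window CodeQL reports:
 * another process can swap the path after lstat() has approved it. */
static int unlink_file_checked(const char *path)
{
    struct stat st;
    if (lstat(path, &st) == -1)
        return -1;
    if (S_ISDIR(st.st_mode)) {
        errno = EISDIR;
        return -1;
    }
    /* --- race window: path may have changed since lstat() --- */
    return unlink(path);
}

/* Probe a bare unlink(2) on an empty directory. Returns the errno it fails
 * with (EISDIR on Linux, EPERM on most BSDs), 0 if the directory was really
 * removed (the historic behaviour the thread mentions), -1 on setup error. */
static int probe_unlink_dir(void)
{
    char d[] = "/tmp/unlinkprobe.XXXXXX";   /* constructed scratch path */
    if (mkdtemp(d) == NULL)
        return -1;
    if (unlink(d) == 0)
        return 0;
    int saved = errno;
    rmdir(d);
    return saved;
}

/* Exercise the wrapper: 1 if it deletes a regular file but leaves a
 * directory in place with errno == EISDIR, 0 on any other outcome. */
static int demo_wrapper(void)
{
    char f[] = "/tmp/unlinkfile.XXXXXX", d[] = "/tmp/unlinkdir.XXXXXX";
    int fd = mkstemp(f), ok;
    if (fd == -1 || mkdtemp(d) == NULL)
        return 0;
    close(fd);
    ok = unlink_file_checked(f) == 0 && access(f, F_OK) == -1;
    ok = ok && unlink_file_checked(d) == -1 && errno == EISDIR;
    return ok && rmdir(d) == 0;          /* still there, so rmdir works */
}
```

On a modern kernel the probe returns an errno rather than 0, which is why the check mostly narrows the consequence of the race to a spurious error instead of a lost directory.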

