Re: TOCTOU bug in make(1)

To: tech-toolchain%netbsd.org@localhost
Subject: Re: TOCTOU bug in make(1)
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Thu, 6 Oct 2022 22:51:47 +0200

Am Thu, Oct 06, 2022 at 08:05:51PM +0000 schrieb David Holland:
> On Thu, Oct 06, 2022 at 09:43:35PM +0200, Joerg Sonnenberger wrote:
>  > > I ran CodeQL, a SAST tool, against trunk. It found a TOCTOU vulnerability
>  > > in the `unlink_file` function of make(1). The function is a small wrapper
>  > > over unlink(2), but it first checks that the file exists using lstat(2).
>  > > Although I don't see an immediate danger here, I admit I'm not
>  > > very imaginative for vulnerabilities.
>  > 
>  > This is necessary for historic reasons because old UNIX systems allows
>  > unlink(2) on directories with bad consequences.
> 
> Also, even if unlink() on a directory actually results in a correct
> rmdir, changing the behavior of that function so that delete-target-
> on-error sometimes removes directories and sometimes doesn't,
> depending on the OS or even on the filesystem in use, doesn't seem
> like a good idea.

Actually, the correct and expected behavior is that it fails on
directories. unlink and rmdir are supposed to be symmetrical in that
regard.

Joerg

Follow-Ups:
- Re: TOCTOU bug in make(1)
  - From: David Holland
- Re: TOCTOU bug in make(1)
  - From: Mario Campos

References:
- TOCTOU bug in make(1)
  - From: Mario Campos
- Re: TOCTOU bug in make(1)
  - From: Joerg Sonnenberger
- Re: TOCTOU bug in make(1)
  - From: David Holland

Prev by Date: Re: TOCTOU bug in make(1)
Next by Date: Re: TOCTOU bug in make(1)
Previous by Thread: Re: TOCTOU bug in make(1)
Next by Thread: Re: TOCTOU bug in make(1)
Indexes:

Home | Main Index | Thread Index | Old Index